Tag

#auth

DoJ, Microsoft Seize 100 Russian Phishing Sites Targeting US

DoJ and Microsoft seized over 100 sites used by Russian hackers for phishing campaigns targeting the U.S. The…

HackRead
#web #microsoft #amazon #cisco #git #intel #pdf #auth

How Cloud-Based Solutions Are Transforming Software Quality Assurance

Cloud-based solutions are transforming the software quality assurance (QA) industry. As organizations increasingly migrate their development and verification…

Cybersecurity Is Serious — but It Doesn't Have to Be Boring

Thoughtfully applied, humor breaks through security fatigue, increases engagement, and fosters a culture of security awareness.

U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country. "The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials

Criminals Are Testing Their Ransomware Campaigns in Africa

The booming economies of Africa, rich in natural resources and brimming with potential, are attracting not just investors but also cybercriminals.

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2. It was

DPRK's APT37 Targets Cambodia With Khmer, 'VeilShell' Backdoor

It's North Korea versus Cambodia, with Windows default settings and sheer patience allowing the bad guys to avoid easy detection.

ABB Cylon Aspect 3.07.02 (downloadDb.php) Authenticated File Disclosure

The building management system suffers from an authenticated arbitrary file disclosure vulnerability. Input passed via the 'file' GET parameter to the 'downloadDb.php' script is not properly verified before being used to download database files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

Thousands of DrayTek Routers at Risk From 14 Vulnerabilities

Several of the flaws enable remote code execution and denial-of-service attacks while others enable data theft, session hijacking, and other malicious activity.

CISA Adds High-Severity Ivanti Vulnerability to KEV Catalog

Ivanti reports that the bug is being actively exploited in the wild for select customers.