Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks

The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.

DARKReading
Open in Source
#vulnerability#web#android#google#microsoft#intel#pdf#auth#zero_day#ruby
Supply Chain Cybersecurity Beyond Traditional Vendor Risk Management

Traditional practices are no longer sufficient in today's threat landscape. It's time for cybersecurity professionals to rethink their approach.

What I’ve learned in my first 7-ish years in cybersecurity

Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor.

4 Ways to Address Zero-Days in AI/ML Security

As the unique challenges of AI zero-days emerge, the approach to managing the accompanying risks needs to follow traditional security best practices but be adapted for AI.

Iran's APT34 Abuses MS Exchange to Spy on Gulf Gov'ts

A MOIS-aligned threat group has been using Microsoft Exchange servers to exfiltrate sensitive data from Gulf-state government agencies.

Hybrid Work Exposes New Vulnerabilities in Print Security

The shift to a distributed work model has exposed organizations to new threats, and a low but continuing stream of printer-related vulnerabilities isn't helping.

New Tool DVa Detects and Removes Android Malware

Discover DVa, a new tool that detects and removes malware exploiting accessibility features on Android devices. Learn how…

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode.

Schneider Electric Data Center Expert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Data Center Expert Vulnerability: Improper Verification of Cryptographic Signature, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access private data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following versions of Data Center Expert, a monitoring software, are affected: Data Center Expert: Versions 8.1.1.3 and prior 3.2 Vulnerability Overview 3.2.1 Improper Verification of Cryptographic Signature CWE-347 An improper verification of cryptographic signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root. CVE-2024-8531 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calcu...