The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below – CVE-2019-9874 (CVSS score: 9.8) – A deserialization vulnerability in the Sitecore.Security.AntiCSRF Go to Source Author:
Category Archives: Uncategorized
A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is an enterprise-focused software that’s used to manage data protection across applications, databases, virtual machines, and file systems, offering the ability to backup, restore, and clone data resources. The vulnerability, tracked as Go to Source Author:
Hunt quickly took to his blog to notify the public of the breach and provide further details on how this could have happened. Go to Source Author: Kristina Beek, Associate Editor, Dark Reading
Attackers don’t always need to resort to sophisticated gambits to break and enter; organizations often make it easy for them to walk right in. Go to Source Author: Jai Vijayan, Contributing Writer
The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely […]
Cybercriminals in China have figured out how to undermine the strengths of mobile messaging protocols. Go to Source Author: Nate Nelson, Contributing Writer
While industry experts continue to analyze, interpret, and act on threat data, the complexity of cyber threats necessitates solutions that can quickly convert expert knowledge into machine-readable formats. Go to Source Author: Ryan Hohimer, Jans Aasman
The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. “In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute […]
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor’s tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of […]
The Anti-Malware Testing Standards Organization published a Sandbox Evaluation Framework to set a standard among various sandbox offerings that help protect organizations from rising threats. Go to Source Author: Arielle Waldman