A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices. “Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supported by OvrC; some of those include smart electrical power supplies, cameras, routers, home automation systems, and […]
Category Archives: Uncategorized
The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group’s playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. “The campaign distributed the SnailResin malware, which activates the SlugResin backdoor,” […]
Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East — led by Saudi Arabia and other Gulf nations — have adopted mature frameworks and regulations amid escalating volumes of attacks. Go to Source Author: Robert Lemos, Contributing Writer
Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated […]
The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack. Go to Source Author: Jai Vijayan, Contributing Writer
The data leak was not actually due to a breach in Amazon’s systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well. Go to Source Author: Dark Reading Staff
Adaptive Shield is the third security posture management provider the company has acquired in the last 14 months as identity-based attacks continue to rise. Go to Source Author: Jeffrey Schwartz, Contributing Writer
Marketed on a cybercriminal forum, the $700 tool harvests email addresses from public GitHub profiles, priming cyberattackers for further credential theft, malware delivery, OAuth subversion, supply chain attacks, and other corporate breaches. Go to Source Author: Elizabeth Montalbano, Contributing Writer
There is some disagreement over whether the remote code execution (RCE) security flaws allow for unauthenticated exploitation or not. Citrix says no, but researchers say the company is downplaying a “good old unauthenticated RCE.” Go to Source Author: Jai Vijayan, Contributing Writer
The unpatched security vulnerability, which doesn’t have a CVE yet, is due to an exposed Microsoft Message Queuing (MSMQ) instance and the use of the insecure BinaryFormatter. Go to Source Author: Tara Seals, Managing Editor, News, Dark Reading