VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), is a heap-overflow vulnerability in the implementation of the DCE/RPC protocol. “A malicious actor with network access to vCenter Server may […]
Category Archives: Uncategorized
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.3), refers to a bug involving an unspecified third-party component that could […]
Russia-linked hackers have taken aim at Japan, following its ramping up of military exercises with regional allies and the increase of its defense budget. Author: Robert Lemos, Contributing Writer
These types of “long-lived” credentials pose a risk for users across all major cloud service providers, and must meet their very timely ends, researchers say. Author: Dark Reading Staff
The networking company confirms that cyberattackers illegally accessed data belonging to some of its customers. Author: Jai Vijayan, Contributing Writer
This latest breach was through Zendesk, a customer service platform that the organization uses. Author: Dark Reading Staff
The emergence of novel anti-detection kits for sale on the Dark Web limits the effectiveness of a Chrome browser feature that warns users that they have reached a phishing page. Author: Elizabeth Montalbano, Contributing Writer
The future of application security is no longer about reacting to the inevitable — it’s about anticipating and preventing attacks before they can cause damage. Author: Bradley Schaufenbuel
The prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti) has been attributed to a sophisticated cyber attack targeting the gambling and gaming industry. “Over a period of at least six months, the attackers stealthily gathered valuable information from the targeted company including, but not limited to, network […]
Pentest Checklists Are More Important Than Ever
Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organization’s attack surface, both internal and external. By providing a structured approach, these checklists help testers systematically
