CISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware. Go to Source Author: Becky Bracken, Senior Editor, Dark Reading
Category Archives: Uncategorized
The pivot is one of several changes the groups using the malware have used in recent attacks. Go to Source Author: Jai Vijayan, Contributing Writer
Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks. Go to Source Author: Elizabeth Montalbano, Contributing Writer
Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL database. “The default credentials for the setup HSQL […]
The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity. Go to Source Author: Jai Vijayan, Contributing Writer
With the right processes and tools, organizations can implement advanced AI security frameworks that make hidden risks visible, enabling security teams to track and address them before impact. Go to Source Author: Diana Kelley
A South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace. The activity has been attributed to a threat actor dubbed APT-C-60, according to cybersecurity firms ESET and DBAPPSecurity. The attacks have been found to […]
The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections. “The BlackByte ransomware group continues to leverage tactics, techniques, and procedures (TTPs) that have formed the foundation of its tradecraft since its Go […]
LLM automation tools and vector databases can be rife with sensitive data — and vulnerable to pilfering. Go to Source Author: Nate Nelson, Contributing Writer
African nation’s proactive approach to cybersecurity comes amid a rise in painful cyberattacks including the breach of a major bank. Go to Source Author: Dark Reading Staff