417/67 Friday, November 22, 2024 A cyberattack targeted a hospital in France, revealing the medical records of more than 750,000 patients. The attackers, identifying themselves as “nears,” claimed responsibility for breaching MediBoard software, developed by Softway Medical Group, a leading provider of patient record management systems (EPR) in Europe. The group also alleged access to […]
416/67 Friday, November 22, 2024 Oracle has issued a critical security advisory to users regarding a vulnerability identified in the Agile Product Lifecycle Management (PLM) Framework, designated as CVE-2024-21287, with a CVSS severity score of 7.5. This vulnerability can be exploited remotely without authentication, allowing malicious actors to access sensitive data. The flaw enables unauthenticated […]
415/67 Thursday, November 21, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The details of the vulnerabilities are as follows: To mitigate these risks, agencies under the Federal Civilian Executive Branch (FCEB) are required to address these vulnerabilities within a specified timeframe. CISA […]
414/67 Thursday, November 21, 2024 The Helldown ransomware group is emerging as a new cyber threat, targeting Linux systems and VMware ESXi used across various industries. Recent attacks reveal that the group exploits vulnerabilities in Zyxel firewall devices to gain access to victims’ systems. According to Sekoia, Helldown may have taken advantage of an undisclosed […]
413/67 Wednesday, November 20, 2024 Broadcom has issued a warning about two vulnerabilities in VMware vCenter Server that are being actively exploited by attackers. One of the vulnerabilities, identified as CVE-2024-38812, is a critical remote code execution (RCE) flaw discovered by TZL security researchers during the “Matrix Cup 2024” hacking competition in China. The issue […]
412/67 Wednesday, November 20, 2024 The Akira ransomware group has caused alarm once more. On November 13–14, their website, used to publish victim information, was updated to list over 30 new victims in a single day—a record high since the group began operations in March 2023. Akira targets victims indiscriminately across various countries and industries. […]
411/67 Tuesday, November 19, 2024 Researchers from the Shadowserver Foundation have uncovered a botnet exploiting a zero-day vulnerability in End-of-Life (EoL) GeoVision devices to launch attacks and take control of active systems. The vulnerability, identified as CVE-2024-11120, carries a CVSS score of 9.8 and is classified as a pre-authentication command injection flaw. It was discovered […]
410/67 Tuesday, November 19, 2024 A significant security vulnerability has recently been disclosed in the Really Simple Security plugin (formerly Really Simple SSL) for WordPress websites. This vulnerability, if exploited, could allow attackers to gain remote administrative access. The vulnerability, identified as CVE-2024-10924, has been assigned a CVSS severity score of 9.8. The flaw affects […]
409/67 Monday, November 18, 2024 A hacker group connected to Chinese intelligence has infiltrated several telecommunications companies in the U.S. and abroad, including T-Mobile, as part of a months-long cyber-espionage operation aimed at gathering sensitive information from high-level individuals. While there is currently no clear evidence that customer data has been accessed, T-Mobile has confirmed […]
408/67 Monday, November 18, 2024 Palo Alto Networks has confirmed the discovery of a new zero-day vulnerability with a CVSS severity score as high as 9.3, affecting the management interface of PAN-OS firewalls. This vulnerability is actively being exploited for system intrusions. Just one day after confirming the issue, the company released Indicators of Compromise […]
