03/68 Friday, January 3, 2025 The role of AI is becoming a critical focus for organizations worldwide in 2025. Analysts believe that the use of Generative Artificial Intelligence (GenAI) and Large Language Models (LLMs) will significantly enhance productivity and efficiency. However, these advancements also introduce new challenges in terms of security, privacy, and governance. The […]
02/68 Thursday, January 2, 2025 The U.S. Department of the Treasury, under the Office of Foreign Assets Control (OFAC), has sanctioned organizations in Iran and Russia for attempting to interfere in the 2024 U.S. presidential election. The Iranian organization, the Cognitive Design and Planning Center (CDPC), operates under the Islamic Revolutionary Guard Corps (IRGC) and […]
01/68 Thursday, January 2, 2025 The U.S. Department of Justice (DoJ) has announced the final rule for implementing Executive Order (EO) 14117, aimed at regulating the mass transfer of personal data to countries considered potential threats, such as China, Cuba, Iran, North Korea, Russia, and Venezuela. This new rule stems from President Joe Biden’s executive […]
461/67 Friday, December 27, 2024 The Apache Software Foundation (ASF) has released a security update to address a critical vulnerability in Apache Traffic Control that could allow malicious actors to execute harmful SQL commands on the database. Identified as CVE-2024-45387, the vulnerability has been assigned a CVSS score of 9.9 out of 10.0. It affects […]
460/67 Friday, December 27, 2024 Cybersecurity researchers from Claroty have uncovered critical vulnerabilities in the cloud platform and networking devices of Ruijie Networks, potentially allowing attackers to gain control over more than 50,000 networking devices worldwide. Additionally, new flaws have been identified in the MIB3 infotainment system used in Skoda vehicles, enabling attackers to eavesdrop, […]
459/67 Thursday, December 26, 2024 The Apache Software Foundation (ASF) has addressed a critical vulnerability in the Tomcat server software, identified as CVE-2024-56337. Researchers have warned that this flaw could be exploited to achieve Remote Code Execution (RCE) under certain conditions. Apache Tomcat is an open-source software platform supporting Java Servlet, JavaServer Pages (JSP), Jakarta […]
458/67 Thursday, December 26, 2024 A new botnet has been discovered exploiting vulnerabilities in network devices, primarily targeting DigiEver’s DS-2105 Pro Network Video Recorders (NVR), outdated TP-Link routers, and Teltonika RUT9XX routers with old firmware. This campaign began in September 2024, with the main vulnerability in DigiEver NVRs being a remote code execution (RCE) flaw. […]
457/67 Wednesday, December 25, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in Acclaim Systems’ USAHERDS, identified as CVE-2021-44207 with a CVSS severity score of 8.1, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability involves the use of hardcoded credentials, allowing attackers to execute malicious code on the system. […]
456/67 Wednesday, December 25, 2024 WhatsApp, a messaging application owned by Meta Platforms, has won a significant legal case against NSO Group, an Israeli commercial spyware developer. The victory came after a district judge in California ruled in favor of WhatsApp, citing NSO Group’s violation of security protocols by exploiting vulnerabilities in the system to […]
455/67 Tuesday, December 24, 2024 Rostislav Panev, a 51-year-old man holding both Russian and Israeli citizenships, has been charged as a programmer for the LockBit ransomware group following his arrest in Israel in August 2024. Panev is accused of developing the LockBit ransomware from 2019 until February 2024. The group targeted over 2,500 victims worldwide, […]
