Critical SQL Injection Vulnerability in Apache Traffic Control

461/67 Friday, December 27, 2024 The Apache Software Foundation (ASF) has released a security update to address a critical vulnerability in Apache Traffic Control that could allow malicious actors to execute harmful SQL commands on the database. Identified as CVE-2024-45387, the vulnerability has been assigned a CVSS score of 9.9 out of 10.0. It affects […]

ThaiCERT

December 27, 2024

A critical vulnerability discovered in the Ruijie Networks cloud platform could potentially expose 50,000 devices to remote attacks.

460/67 Friday, December 27, 2024 Cybersecurity researchers from Claroty have uncovered critical vulnerabilities in the cloud platform and networking devices of Ruijie Networks, potentially allowing attackers to gain control over more than 50,000 networking devices worldwide. Additionally, new flaws have been identified in the MIB3 infotainment system used in Skoda vehicles, enabling attackers to eavesdrop, […]

ThaiCERT

December 27, 2024

Apache Foundation Fixes Vulnerabilities in Tomcat

459/67 Thursday, December 26, 2024 The Apache Software Foundation (ASF) has addressed a critical vulnerability in the Tomcat server software, identified as CVE-2024-56337. Researchers have warned that this flaw could be exploited to achieve Remote Code Execution (RCE) under certain conditions. Apache Tomcat is an open-source software platform supporting Java Servlet, JavaServer Pages (JSP), Jakarta […]

ThaiCERT

December 26, 2024

New Botnet Exploits Vulnerabilities in NVR Devices and TP-Link Routers

458/67 Thursday, December 26, 2024 A new botnet has been discovered exploiting vulnerabilities in network devices, primarily targeting DigiEver’s DS-2105 Pro Network Video Recorders (NVR), outdated TP-Link routers, and Teltonika RUT9XX routers with old firmware. This campaign began in September 2024, with the main vulnerability in DigiEver NVRs being a remote code execution (RCE) flaw. […]

ThaiCERT

December 26, 2024

CISA Adds Vulnerability in Acclaim Systems’ USAHERDS to Known Exploited Vulnerabilities (KEV) Catalog

457/67 Wednesday, December 25, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in Acclaim Systems’ USAHERDS, identified as CVE-2021-44207 with a CVSS severity score of 8.1, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability involves the use of hardcoded credentials, allowing attackers to execute malicious code on the system. […]

ThaiCERT

December 25, 2024

WhatsApp Wins Landmark Case Against NSO Group Over Pegasus Spyware Exploitation

456/67 Wednesday, December 25, 2024 WhatsApp, a messaging application owned by Meta Platforms, has won a significant legal case against NSO Group, an Israeli commercial spyware developer. The victory came after a district judge in California ruled in favor of WhatsApp, citing NSO Group’s violation of security protocols by exploiting vulnerabilities in the system to […]

ThaiCERT

December 25, 2024

The United States charges a Russian-Israeli programmer behind the development of LockBit ransomware

455/67 Tuesday, December 24, 2024 Rostislav Panev, a 51-year-old man holding both Russian and Israeli citizenships, has been charged as a programmer for the LockBit ransomware group following his arrest in Israel in August 2024. Panev is accused of developing the LockBit ransomware from 2019 until February 2024. The group targeted over 2,500 victims worldwide, […]

ThaiCERT

December 24, 2024

North Korean hackers stole over $1.34 billion worth of cryptocurrency in 2024

454/67 Tuesday, December 24, 2024 A new report from Chainalysis reveals that North Korean hackers stole over $1.34 billion worth of cryptocurrency in 2024 through 47 cyberattacks, setting a new record for cyber theft. According to the report, this amount accounted for 61% of the total value stolen this year, marking a 21% increase compared […]

ThaiCERT

December 24, 2024

CISA Adds BeyondTrust Software Vulnerability to the Known Exploited Vulnerabilities (KEV) Catalog

453/67 Monday, December 23, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a command injection vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) software, identified as CVE-2024-12356, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, with a CVSS severity score of 9.8, allows unauthenticated attackers to execute malicious […]

ThaiCERT

December 23, 2024

National Cyber Threats: Expanding Challenges in the Digital Era

452/67 Monday, December 23, 2024 Cyberattacks in today’s world not only reflect political and geopolitical tensions but have also increasingly targeted organizational sectors in unprecedented ways. State-sponsored threat actors have shifted their strategies and targets from critical infrastructure, such as energy and transportation systems, to breaching data in businesses and major organizations across various industries. […]

ThaiCERT

December 23, 2024