The attackers attempted to exploit a vulnerability in Apache Struts identified as CVE-2024-53677.

451/67 Friday, December 20, 2024

Researchers have issued a warning about a critical vulnerability in Apache Struts, identified as CVE-2024-53677, which has a CVSS score of 9.5. This vulnerability allows attackers to modify file upload parameters to execute a Path Traversal attack, potentially leading to the upload of malicious files for Remote Code Execution (RCE). […]

ThaiCERT

December 20, 2024

Beware of emails urging you to act quickly on DocuSign requests, as they may be attempts to hack your Azure account.

450/67 Friday, December 20, 2024

Researchers from Unit 42 of Palo Alto Networks have revealed a cyberattack targeting users in the automotive, chemical, and industrial sectors across Europe, with as many as 20,000 victims. The attackers employed sophisticated phishing techniques to steal account credentials and compromise the Microsoft Azure cloud infrastructure. The campaign began with […]

ThaiCERT

December 20, 2024

CISA Adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion Vulnerabilities to KEV Catalog

449/67 Thursday, December 19, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities, Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference (CVE-2024-35250) and Adobe ColdFusion Improper Access Control (CVE-2024-20767), to its Known Exploited Vulnerabilities (KEV) catalog. Details of the vulnerabilities are as follows: To mitigate these vulnerabilities, agencies under the Federal Civilian Executive […]

ThaiCERT

December 19, 2024

ConnectOnCall reveals data breach affecting over 900,000 users.

447/67 Wednesday, December 18, 2024

ConnectOnCall, a telemedicine and after-hours emergency call service platform, has disclosed a data breach affecting the personal and medical information of over 900,000 users. The company discovered the security breach on May 12, 2024, and immediately began an investigation. It was found that an external party had gained access to […]

ThaiCERT

December 18, 2024

A new PHP backdoor has been discovered, possibly linked to the Winnti group, which is associated with China.

446/67 Wednesday, December 18, 2024

Cybersecurity researchers from QiAnXin, a company in China, have revealed an advanced PHP backdoor called Glutton, a new tool associated with the Winnti group, which is linked to China. This backdoor targets multiple countries, including China, the United States, Cambodia, Pakistan, and South Africa. Glutton is designed in a modular […]

ThaiCERT

December 18, 2024

Germany Halts the Spread of BADBOX Malware on Over 30,000 Devices Using Sinkhole Action

445/67 Tuesday, December 17, 2024

Germany’s Federal Office for Information Security (BSI) announced its success in halting the BADBOX malware operation, which was found to have infected over 30,000 internet-connected devices sold within the country. The agency disrupted communication between the infected devices and their command-and-control (C2) servers using a sinkholing technique. Affected devices include […]

ThaiCERT

December 17, 2024

Yokai Malware Targets Thai Officials to Access Sensitive Information

444/67 Tuesday, December 17, 2024

Thai government officials have become targets of a new cyberattack employing a technique known as DLL Side-Loading to deploy a backdoor malware called “Yokai.” This malware is designed to take control of systems and execute commands from attackers via a command-and-control (C2) server. The campaign begins with a RAR file […]

ThaiCERT

December 17, 2024

CISA adds vulnerabilities in Cleo Harmony, VLTrader, and LexiCom to its Known Exploited Vulnerabilities (KEV) catalog.

443/67 Monday, December 16, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerability CVE-2024-50623 (CVSS score 8.8), which affects Cleo Harmony, VLTrader, and LexiCom products, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability involves unrestricted file upload and download, which could lead to remote code execution (RCE). Users are advised to […]

ThaiCERT

December 16, 2024

A critical vulnerability discovered in the OpenWrt operating system poses a risk of exploitation.

442/67 Monday, December 16, 2024

OpenWrt, a popular open-source operating system for routers and network devices, has been revealed to contain a critical security vulnerability in its Attended Sysupgrade (ASU) feature. This vulnerability, identified as CVE-2024-54143, has received a CVSS severity score of 9.3 out of 10, indicating a high level of risk. The vulnerability […]

ThaiCERT

December 16, 2024