Cybersecurity Articles

411/67 Tuesday, November 19, 2024 Researchers from the Shadowserver Foundation have uncovered a botnet exploiting a zero-day vulnerability in End-of-Life (EoL) GeoVision devices to launch attacks and take control of active systems. The vulnerability, identified as CVE-2024-11120, carries a CVSS score of 9.8 and is classified as a pre-authentication command injection flaw. It was discovered […]

410/67 Tuesday, November 19, 2024 A significant security vulnerability has recently been disclosed in the Really Simple Security plugin (formerly Really Simple SSL) for WordPress websites. This vulnerability, if exploited, could allow attackers to gain remote administrative access. The vulnerability, identified as CVE-2024-10924, has been assigned a CVSS severity score of 9.8. The flaw affects […]

409/67 Monday, November 18, 2024 A hacker group connected to Chinese intelligence has infiltrated several telecommunications companies in the U.S. and abroad, including T-Mobile, as part of a months-long cyber-espionage operation aimed at gathering sensitive information from high-level individuals. While there is currently no clear evidence that customer data has been accessed, T-Mobile has confirmed […]

408/67 Monday, November 18, 2024 Palo Alto Networks has confirmed the discovery of a new zero-day vulnerability with a CVSS severity score as high as 9.3, affecting the management interface of PAN-OS firewalls. This vulnerability is actively being exploited for system intrusions. Just one day after confirming the issue, the company released Indicators of Compromise […]

407/67 Friday, November 15, 2024 Zoom has patched six vulnerabilities in its video conferencing and communication platform, including two high-severity vulnerabilities that could be exploited by remote attackers to escalate privileges or leak sensitive information. These two vulnerabilities were discovered by the Zoom Offensive Security team, with details as follows: Additionally, Zoom addressed four medium-severity […]

406/67 Friday, November 15, 2024 Bitdefender, the renowned cybersecurity company, has launched a free decryption tool to help victims unlock data encrypted by the ShrinkLocker ransomware. After thoroughly analyzing this malware, it was discovered that ShrinkLocker uses VBScript techniques and the BitLocker encryption feature of Microsoft Windows to encrypt files on victims’ systems. Despite its […]

405/67 Thursday, November 14, 2024 SAP released its July 2024 security update to address 18 vulnerabilities across various products. This update includes fixes for two critical vulnerabilities that could allow attackers unauthorized access to sensitive data and systems. The most severe of these is CVE-2024-39592, affecting the SAP Product Design Cost Estimating (PDCE) tool, with […]

404/67 Thursday, November 14, 2024 Renowned credit rating agency Moody’s has released a recent report indicating that the telecommunications, airline, and power generation industries are currently facing high cyber risks. The report highlights that these industries’ heavy reliance on digital technology, combined with insufficient security practices, increases their vulnerability to cyberattacks. This heightened risk is […]

403/67 Wednesday, November 13, 2024 Amazon has disclosed a data breach that exposed employee information following the MOVEit attack in May 2023. The stolen data was taken from an external service provider partnered with the company. However, Amazon did not specify the number of employees affected by the incident. A threat actor group known as […]

402/67 Wednesday, November 13, 2024 Researchers at Kaspersky have discovered a new type of ransomware called Ymir, which is being used in attacks alongside the RustyStealer malware. RustyStealer is a data-stealing program that infiltrates the victim’s system before deploying Ymir ransomware. Ymir targets networks containing sensitive information, with RustyStealer employing techniques to collect credentials and […]