Dec 12, 2023NewsroomVulnerability / Software Security Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as CVE-2023-50164, the vulnerability is rooted in a flawed “file upload logic” that could enable unauthorized path traversal and could be […]
Canadian-based Dillinger Labs, a subsidiary of Eleven Engineering, is making moves with the launch of the Death From Below: a new SKAA Pro battery-powered mobile subwoofer. Death From Below works with all SKAA and SKAA Pro transmitters, as well as SKAA Nadja Hubs. That includes the Soundboks 3, 4, and GO, plus virtually any full-range […]
Dec 11, 2023NewsroomThreat Intelligence / Cyber Attack Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that’s known to use a backdoor known as KEYPLUG. The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team based on the fact that […]
Kelvin Security has been active since 2013, targeting public-facing systems to obtain user credentials and steal confidential data, which they would sell or leak on hacking forums.
The University of Wollongong has become the latest victim of a data breach, as confirmed by university officials. In a statement released over the weekend, the institution acknowledged the University of Wollongong data breach and assured the public that measures are being taken to contain the incident. Both staff and students are believed to be […]
VC investment trends in the cybersecurity market suggest a sector in decline — at least within the context of recent months. According to Crunchbase, cybersecurity deal count fell during Q3 to 153 deals from 181 in Q2. In a more detailed report, Crunchbase suggests that, with Q3 cybersecurity venture funding down 30% compared to the […]
Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2 Pierluigi Paganini December 11, 2023 The Apache Software Foundation addressed a critical remote code execution vulnerability in the Apache Struts 2 open-source framework. The Apache Software Foundation released security updates to address a critical file upload vulnerability in the Struts 2 open-source framework. Successful exploitation of […]
Security experts have unmasked a new trick adopted by the GULOADER malware to evade detection by antivirus software. The highly evasive shellcode downloader malware, which typically spreads through emails bearing ZIP archives or links containing a VBScript file, has been found leveraging Vectored Exception Handler (VEH) capability to make analysis challenging. More in detail According […]
Insider threats, including both malicious attacks and unintentional risks, are on the rise, with privilege escalation exploits being a significant component of unauthorized activity.