Lose yourself in Creep Show’s Yawning Abyss There’s a very specific laugh that, as an interviewer, signals, more often than not, the fact that you’ve just struck gold. When your interviewees do that slightly nervous “shall we tell them?” mutual giggle, you know you’re close to being let into a secret. In this case, it […]
Cisco on Wednesday announced patches for a critical-severity vulnerability in the BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform. Tracked as CVE-2023-20238, the vulnerability affecting the BroadWorks calling and collaboration platform was identified in the single sign-on (SSO) implementation and could be exploited by remote, unauthenticated attackers to forge credentials and access affected systems. […]
Multiple vulnerabilities in the Open Automation Software (OAS) Platform can be exploited to bypass authentication, leak sensitive information, and overwrite files, Cisco warns. Enabling communication and data transfer between servers, industrial control systems (ICS), IoT, and other types of devices, the OAS Platform is typically used in industrial operations and enterprise environments. It also supports […]
The US Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance to help federal agencies adopt distributed denial-of-service (DDoS) mitigations. DDoS attacks are a type of cyberattack in which threat actors flood a server or network with internet traffic, exhausting its resources and rendering the target inaccessible. Meant to help federal agencies prevent “large-scale […]
Two flaws in Apache SuperSet allow to remotely hack servers Pierluigi Paganini September 07, 2023 A couple of security vulnerabilities in Apache SuperSet could be exploited by an attacker to gain remote code execution on vulnerable systems. Apache Superset is an open-source Data Visualization and Data Exploration Platform, it is written in Python and based on the […]
Sep 08, 2023THNZero Day / Cyber Attack Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in unspecified software over the past several weeks to infiltrate their machines. The findings come from Google’s Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social […]
Sep 08, 2023THNEndpoint Security / Exploit The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized […]
Sep 08, 2023THNSpyware / Vulnerability Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group’s Pegasus mercenary spyware. The issues are described as below – CVE-2023-41061 – A validation issue in Wallet that could result in […]
Ransomware gang Dunghill Leak has claimed responsibility for a cyber attack against travel booking company Sabre. Dunghill claimed in a post on its dark web data leaks site that it had stolen 1.3 terabytes of data from Sabre, including corporate financial information, passenger turnover and ticket sales data and personal employee information. The ransomware gang […]