Cybersecurity
Category Added in a WPeMatico Campaign
Around 1,450 instances of pfSense, an open-source firewall and router software, are vulnerable to command injection and cross-site scripting flaws. These flaws, if exploited together, could allow attackers to execute remote code on the system.
Proofpoint has warned recruiters of a skilled threat actor targeting them with emails designed to deploy malware. TA4557 is a financially motivated threat actor known to distribute the More_Eggs backdoor, which is designed to establish persistence, profile the targeted machine and drop additional payloads. Throughout 2022 and most of 2023 the actor has been replying to […]
Valve, the developer of Counter Strike 2, is expected to address the rumours surrounding the new CS2 exploit. Meanwhile, be cautious and watch out for suspicious links from unknown senders. A recently uncovered CS2 exploit (apparently an XSS vulnerability) has raised concerns within the gaming community, posing a potential threat to player security. This exploit […]
Facial recognition technology company Clearview AI has reached a settlement with plaintiffs in a class-action privacy lawsuit after a long court battle, according to a court docket entry filed November 30. The terms of the settlement are not yet public. The docket entry from an Illinois federal court noted that the parties to the case […]
Attackers have used hundreds of fake profiles on LinkedIn — many very convincing — to target professionals at companies in Saudi Arabia, not only for financial fraud, but to convince employees in specific roles to provide sensitive corporate information. In a presentation at the Black Hat Middle East and Africa conference last month, researchers said […]
The use of automated security technology is growing rapidly, which in turn is propagating the “shift everywhere” philosophy – performing security tests throughout the entire software development life cycle – across more organizations, according to Synopsys. This year’s findings revealed a clear trend of firms increasingly taking advantage of security automation to replace manual, subject […]
The vulnerability, tracked as CVE-2023-6553, can be exploited by unauthenticated attackers without user interaction. Although a patch has been released, almost 50,000 WordPress websites still remain vulnerable to this critical security flaw.
Cybercriminals still prefer targeting open remote access products, or like to leverage legitimate remote access tools to hide their malicious actions, according to WatchGuard. “Threat actors continue using different tools and methods in their attack campaigns, making it critical for organizations to keep abreast of the latest tactics to fortify their security strategy,” said Corey […]
A ransomware attack in April on cold storage giant Americold affected nearly 130,000 people, the company has announced. In a breach report to regulators in Maine on Friday, Atlanta-based Americold confirmed that hackers had breached its systems on April 26 and accessed the information of current and former Americold employees as well as their dependents. […]