Iranian hackers work with ransomware gangs to extort breached orgs
error code: 1106
Aggregator
Iranian hackers work with ransomware gangs to extort breached orgs
8 months ago
An Iran-based hacking group known as Pioneer Kitten is breaching defense, education, finance, and healthcare organizations across the United States and working with affiliates of several ransomware operations to extort the victims. [...]
Sergiu Gatlan
Наука раскрывает тайный код в музыке Баха
8 months ago
Анализ музыкальных сетей показал, что сложность его композиций не случайна.
Fortra fixes critical FileCatalyst Workflow hardcoded password issue
8 months ago
error code: 1106
Seeking a Job in Cybersecurity? Protect Yourself From Scams
8 months ago
Learn How to Recognize Fraudulent Job Postings and Avoid Becoming a Scam Victim
The demand for skilled cybersecurity professionals, coupled with the rise in remote work, has led to an increase in fraudulent job postings targeting tech-savvy individuals. Learn why this is so and how to protect yourself from deceptive schemes as you pursue a job in cybersecurity.
The demand for skilled cybersecurity professionals, coupled with the rise in remote work, has led to an increase in fraudulent job postings targeting tech-savvy individuals. Learn why this is so and how to protect yourself from deceptive schemes as you pursue a job in cybersecurity.
Chinese Nation-State Attackers Tied to Versa Zero-Day Hit
8 months ago
Targeted Versa Software Used by Service Providers to Manage Wide Area Networks
Chinese nation-state attackers are actively exploiting a zero-day vulnerability in Versa Director software, used by major internet and managed service providers to deploy, configure and monitor network infrastructure, security experts warn. Versa updated its software last month to patch the flaw.
Chinese nation-state attackers are actively exploiting a zero-day vulnerability in Versa Director software, used by major internet and managed service providers to deploy, configure and monitor network infrastructure, security experts warn. Versa updated its software last month to patch the flaw.
Ransomware Attacks Exposed 6.7 Million Records in US Schools
8 months ago
Ransomware attacks on US schools and colleges have surged, with 491 incidents since 2018, affecting over 8000 institutions
Google increases Chrome bug bounty rewards up to $250,000
8 months ago
Google has more than doubled payouts for Google Chrome security flaws reported through its Vulnerability Reward Program, with the maximum possible reward for a single bug now exceeding $250,000. [...]
Sergiu Gatlan
Fortra fixes critical FileCatalyst Workflow hardcoded password issue
8 months ago
Fortra is warning of a critical hardcoded password flaw in FileCatalyst Workflow that could allow attackers unauthorized access to an internal database to steal data and gain administrator privileges. [...]
Bill Toulas
China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target
8 months ago
Versa Networks criticized for swerving the blame.A huge, gaping vulnerability in Versa Director al
China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target
8 months ago
Xi whiz: Versa Networks criticized for swerving the blame.
The post China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target appeared first on Security Boulevard.
Richi Jennings
Учёные Китая призывают создать ядерный зонтик над Землей для защиты от космических угроз
8 months ago
Учёные призывают к разработке технологий для предотвращения глобальной катастрофы
CVE-2024-7745 | Progress WS_FTP Server up to 8.8.7 Web Transfer Module missing critical step in authentication
8 months ago
A vulnerability, which was classified as critical, was found in Progress WS_FTP Server up to 8.8.7. This affects an unknown part of the component Web Transfer Module. The manipulation leads to missing critical step in authentication.
This vulnerability is uniquely identified as CVE-2024-7745. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-6053 | TeamViewer Meeting/Remote Full Client exposure of private personal information to an unauthorized actor
8 months ago
A vulnerability, which was classified as problematic, has been found in TeamViewer Meeting and Remote Full Client. Affected by this issue is some unknown functionality. The manipulation leads to exposure of private personal information to an unauthorized actor.
This vulnerability is handled as CVE-2024-6053. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-7744 | Progress WS_FTP Server up to 8.8.7 Web Transfer Module path traversal
8 months ago
A vulnerability classified as critical was found in Progress WS_FTP Server up to 8.8.7. Affected by this vulnerability is an unknown functionality of the component Web Transfer Module. The manipulation leads to path traversal.
This vulnerability is known as CVE-2024-7744. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-20279 | Cisco Application Policy Infrastructure Controller (APIC) Restricted Security Domain access control (cisco-sa-apic-cousmo-uBpBYGbq)
8 months ago
A vulnerability classified as critical has been found in Cisco Application Policy Infrastructure Controller (APIC). Affected is an unknown function of the component Restricted Security Domain Handler. The manipulation leads to improper access controls.
This vulnerability is traded as CVE-2024-20279. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-20478 | Cisco Application Policy Infrastructure Controller (APIC) Software Upgrade unnecessary privileges (cisco-sa-capic-priv-esc-uYQJjnuU)
8 months ago
A vulnerability was found in Cisco Application Policy Infrastructure Controller (APIC). It has been rated as problematic. This issue affects some unknown processing of the component Software Upgrade Handler. The manipulation leads to execution with unnecessary privileges.
The identification of this vulnerability is CVE-2024-20478. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-20413 | Cisco NX-OS up to 10.4(3) Bash Shell authorization (cisco-sa-nxos-bshacepe-bApeHSx7)
8 months ago
A vulnerability was found in Cisco NX-OS. It has been declared as critical. This vulnerability affects unknown code of the component Bash Shell. The manipulation leads to missing authorization.
This vulnerability was named CVE-2024-20413. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-20289 | Cisco NX-OS up to 10.4(2) CLI os command injection (cisco-sa-nxos-cmdinj-Lq6jsZhH)
8 months ago
A vulnerability was found in Cisco NX-OS. It has been classified as critical. This affects an unknown part of the component CLI. The manipulation leads to os command injection.
This vulnerability is uniquely identified as CVE-2024-20289. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-20411 | Cisco NX-OS up to 10.4(2) Bash Shell privilege defined with unsafe actions (cisco-sa-nxos-bshacepe-bApeHSx7)
8 months ago
A vulnerability was found in Cisco NX-OS and classified as critical. Affected by this issue is some unknown functionality of the component Bash Shell. The manipulation leads to privilege defined with unsafe actions.
This vulnerability is handled as CVE-2024-20411. Attacking locally is a requirement. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com