Cybersecurity researcher Jeremiah Fowler found a non-password-protected database with 115,000 records linked to the UN Trust Fund to End Violence against Women. This fund aims to prevent violence against women and girls by supporting organizations that address gender-based violence and promote women’s rights. The unprotected database contained sensitive financial reports, …
Read More »Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability
Cisco announced updates on Wednesday to fix a security flaw in its Adaptive Security Appliance (ASA) that is currently being exploited and could cause a denial-of-service (DoS) condition. CVE-2024-20481 (CVSS score: 5.8) is A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and …
Read More »Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024
White hat hackers at the Pwn2Own Ireland 2024 contest by Trend Micro’s Zero Day Initiative earned $500,000 on the first day by exploiting NAS devices, cameras, printers, and smart speakers. Sina Kheirkhah from Summoning Team earned the top reward of $100,000 by exploiting nine vulnerabilities in an attack from a …
Read More »Fortinet + Crowdstrike team on protection from endpoint to firewall
In today’s rapidly changing cybersecurity environment, organizations encounter numerous complex threats targeting endpoints and networks. CrowdStrike and Fortinet have partnered to provide top-notch protection from endpoints to firewalls. This partnership combines the strengths of CrowdStrike in endpoint security and Fortinet in network security, offering customers the flexibility, visibility, and protection …
Read More »Sophos to Acquire Secureworks in $859M
Sophos, based in the UK, is to acquire Secureworks, a Nasdaq-listed company, for $859 million in cash from Dell Technologies. This merger combines two major channel-focused cybersecurity firms. Sophos plans to combine solutions from both companies to create a stronger security portfolio for small, mid-sized, and enterprise customers. Dell owns …
Read More »2nd time hacker breached Internet Archive
The Internet Archive was breached again, this time through their Zendesk email support platform, following warnings that threat actors had stolen exposed GitLab authentication tokens. Bleeping computer reported, Since last night, the authority received numerous messages from people who received replies to their old Internet Archive removal requests, warning that …
Read More »Vulnhuntr: A Tool for Finding Exploitable Vulnerabilities with LLMs
In today’s changing cybersecurity environment, it’s essential to find vulnerabilities in code. Vulnhuntr, an open-source tool on GitHub, uses Large Language Models (LLMs) and static code analysis to detect remotely exploitable vulnerabilities in Python projects. Its user-friendly design combines intelligent automation with thorough code analysis, making it a valuable resource …
Read More »Critical Vulnerabilities in Bitdefender Total Security Expose Users to MITM
Bitdefender said a vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the “Server Authentication” specification in the Extended Key Usage extension, the product does not verify the certificate’s compliance with the site, …
Read More »Microsoft’s Alarming Report: 600 Million Cyberattacks perday
Cybersecurity threats have surged to extraordinary heights, as Microsoft’s latest Digital Defense Report reveals that its customers are confronted with over 600 million cyberattacks every day. The report highlights that cyber operations play a crucial role in geopolitical conflicts, used for espionage, influence, and destruction. The cooperation between nation-states and …
Read More »
CVE-2024-38814
VMware fixes high-severity SQL injection flaw in HCX
VMware has issued a warning about a remote code execution vulnerability, CVE-2024-38814, with a CVSS score of 8.8, in its HCX application mobility platform. An authenticated SQL injection vulnerability in HCX was privately reported to VMware by Sina Kheirkhah from the Summoning Team through the Trend Micro Zero Day Initiative. …
Read More »