A serious vulnerability, CVE-2023-45249 (CVSS 9.8), has been found in Acronis Cyber Infrastructure (ACI), a widely used software-defined infrastructure solution for cyber protection. The vulnerability is due to the use of default passwords, which could enable remote attackers to run any commands on affected systems, potentially leading to a complete …

OpenAI is testing a new search engine “SearchGPT” using generative artificial intelligence to challenge Google’s dominance in the online search market. SearchGPT will initially be available to a limited group of users and publishers. OpenAI plans to eventually integrate the search capabilities into ChatGPT instead of offering it as a …

CISA released two advisories about security issues for Industrial Control Systems (ICS) on July 25, 2024. These advisories offer important information about current vulnerabilities and exploits for ICS. ICSA-24-207-01 Siemens SICAM Products: Successful exploitation of these vulnerabilities could allow an attacker to perform an unauthorized password reset which could lead …

Tenable security researchers found a vulnerability in Google Cloud Platform’s Cloud Functions service that could allow an attacker to access other services and sensitive data without permission. Tenable has given the vulnerability the name ConfusedFunction. “An attacker could escalate their privileges to the Default Cloud Build Service Account and access …

BDG e-GOV CIRT’s Cyber Threat Intelligence Unit has noticed a concerning increase in cyber-attacks against web applications and database servers in Bangladesh. Hackers are trying to deface government websites, steal important information, and disrupt online services through DDoS attacks. Organizations are advised to take precautions to protect themselves online. CIRT …

GitLab released a security update today to fix six vulnerabilities in its software. Although none of the flaws are critical, there is one high-severity cross-site scripting bug that could seriously affect users who don’t update quickly. The update, which applies to GitLab Community Edition (CE) and Enterprise Edition (EE), includes …

Sekoia.io and Intrinsec analyzed the Quad7 (7777) botnet, which uses TCP port 7777 on infected routers to carry out brute-force attacks on Microsoft 365 accounts. Attacks were detected on 0.11% of monitored accounts. Key insights highlighted by researchers: Botnet Evolution: Quad7 has been active for a long time and continues …

A threat actor has announced a new DDoS tool called Cliver, which offers strong attack methods for disrupting web services, including HTTP/2 and TLS floods, Cloudflare bypass, and browser emulation for bypassing CAPTCHA. The threat actor shared more information in a FAQ section. Cliver is a strong Layer 7 (L7) …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The vulnerabilities are listed below – CVE-2012-4792 (CVSS score: 9.3) – Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 (CVSS score: 5.3) – Twilio Authy Information Disclosure …

CISCO fixed a vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem). The vulnerability could allow an attacker without authentication to change the password of any user, even administrative users. The problem is caused by not implementing the password-change process correctly. An attacker could take advantage …