The Mirai botnet is exploiting a new directory traversal vulnerability in Apache OFBiz. This Java framework is supported by the Apache Foundation. It is used to create ERP (Enterprise Resource Planning) applications that manage sensitive business data. Despite being less common than commercial alternatives, ERP applications are crucial for businesses. Vulnerability …

The European Union’s artificial intelligence law, the first of its kind in the world, officially came into effect on Thursday. This is a significant step in the EU’s efforts to regulate this technology. The Artificial Intelligence Act aims to protect the “fundamental rights” of citizens in the 27-nation bloc and …

CISA released nine advisories about Industrial Control Systems (ICS) on August 1, 2024. They give important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-214-01 Johnson Controls exacqVision Client and exacqVision Server ICSA-24-214-02 Johnson Controls exacqVision Web Service ICSA-24-214-03 Johnson Controls exacqVision Web Service ICSA-24-214-04 Johnson Controls exacqVision …

“At the upcoming Black Hat cybersecurity conference in Las Vegas, Sam Beaumont and Larry ‘Patch’ Trowell from NetSPI, a security firm, will showcase their new laser hacking device, the RayV Lite. They intend to release the design and component list of their tool as open source, enabling anyone to access …

Cleafy found a harmful software called BingoMod that targets Android devices. The malware tries to get into bank accounts on the device and steal money, then it erases the device’s activity. Cleafy says that BingoMod is a type of remote access Trojan (RAT). Attackers can use it to control devices …

Proofpoint is monitoring a group of cybercriminals using Cloudflare Tunnels to distribute malware. They are exploiting the TryCloudflare feature to create one-time tunnels without needing an account. Tunnels allow remote access to data and resources not on the local network, similar to using a virtual private network (VPN) or secure …

More than a dozen threat actors are using a strong attack method in the domain name system (DNS). These hackers can take control of domain names without the owners realizing, and then use them for harmful activities. Infoblox, an IT automation and security company, cautions about this risk. The “Sitting …

A ransomware attack on a tech provider has caused payment systems in nearly 300 local Indian banks to temporarily shut down, according to two reliable sources. The attack affected C-Edge Technologies, a provider of banking technology systems to small banks across the country, they said. C-Edge Technologies did not respond …

Zimperium’s zLabs found a new threat called SMS Stealer. It has been found in over 105,000 samples and affects more than 600 global brands. SMS Stealer poses risks like account takeovers and identity theft. SMS stealer: The SMS Stealer threat was discovered in 2022. It tricks victims by using fake …

Apple released security updates for iOS, macOS, tvOS, visionOS, watchOS, and Safari to fix many vulnerabilities. The IT giant addressed numerous security vulnerabilities, such as authentication and policy bypasses, information disclosure, denial-of-service (DoS) issues, and bugs leading to memory leaks, unexpected application termination, or system shutdown, by releasing iOS 17.6 and …