Cloudflare suffered an incident roughly 3.5 hours On November 14, 2024 impacting the majority of customers using Cloudflare Logs. Cloudflare lost about 55% of the logs normally send to customers were not sent and were lost on that incident. Log services are crucial for network operations, helping businesses analyze traffic, …
Read More »VMware Patched critical flaw in Aria Operations
VMware revealed several critical vulnerabilities in its Aria Operations product, with the most severe allowing attackers to gain root user privileges on affected systems. The advisory, VMSA-2024-0022, released on November 26, 2024, addresses five distinct vulnerabilities: CVE-2024-38831 is a local privilege escalation vulnerability with a CVSSv3 score of 7.8. CVE-2024-38832 …
Read More »HDFC Life hit by data breach, begins investigation
On Monday, Indian HDFC life insurance said, They got some instances of data leaks. “We have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent,” HDFC Life said in a regulatory filing. The company has started to security …
Read More »Daily Security Update Dated (26.11.2024) around the world
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so on. Its our daily security digest to cover the latest happenings in the world. Spend a bit time to read out todays update: Volunteer hackers dive into America’s leaky water …
Read More »RomCom Exploits Firefox and Windows Zero-Day
According to ESET, Russia linked Ramcom exploit the two zero days of Mozilla FireFox and Microsoft Window addressed CVE 2024-9680, and 2024-49039. “In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user interaction required (zero click) …
Read More »MITRE discloses 2024 CWE Top 25 critical software flaw
MITRE identified Cross-site scripting as the most critical software flaw in its recent published report of the past year. The nonprofit published its latest ranking of the Top 25 Most Dangerous Software Weaknesses on November 20, highlighting critical flaws from the Common Weakness Enumeration (CWEs) catalog between June 2023 and …
Read More »Python NodeStealer: harvest credit card and Facebook Ads Manager
Jan Michael Alcantara of Netskope Threat Labs reported, Python NodeStealer has resurfaced with advanced techniques and a broader target range. The report shows that primarily the infostealer to target Facebook business accounts and harvests credit card information. The malware targets Facebook Ads Manager accounts to steal login details, cookies, and …
Read More »
Cisco Talos
Over 60% of Emails with QR Codes are spam
Generally scanning a malicious QR code from an unknown source can be harmful. Cisco Talos research shows that many people underestimate potential threats. Anti-spam filters can’t detect QR codes in images, allowing many spam emails to go unnoticed. While only 1 in 500 emails contains a QR code, around 60% …
Read More »CERT-In Flags Multiple Critical Vulnerabilities in Zoom app
CERT-In issued a security advisory for multiple vulnerabilities in the Zoom app that could let attackers access sensitive information, escalate privileges, or disrupt service. Vulnerabilities exist in various Zoom products, including the Zoom Workplace App, Zoom Rooms Client, and Zoom Video SDK, across multiple operating systems: macOS, iOS, Windows, Linux, …
Read More »Daily Security Digest Dated 11/23/24
Every day a lot of cyberattack happenings around the world including ransomware, Malware attack, data breaches, website defacement and so on. Its our daily security digest to cover the latest happenings in the world. Spend a bit time to read out todays update: # Warning on 500K French supermarket shoppers …
Read More »