Adobe released security updates to fix several vulnerabilities in their software. These vulnerabilities could be used by cyber attackers to gain control of a system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply necessary updates: Security Updates Available for Adobe Premiere Pro | APSB24-46: …
Read More »CISA Warns Hacker Use OS Command Injection Vulnerabilities to Compromise Systems
OS command injection vulnerabilities are a preventable type of weakness in software. Manufacturers can eliminate them by taking a secure design approach. Despite efforts, these vulnerabilities still appear, allowing adversaries to exploit them for harm. CISA and FBI are releasing this Alert because of recent well-known attacks that took advantage …
Read More »Pakistan allows spy agency to intercept phone messages, calls
The Pakistan Ministry of Information Technology and Telecommunication has given permission to the Inter-Services Intelligence (ISI) to intercept citizens’ phone communications for national security reasons. Issued on Monday, the ministry’s notification — a copy of which is available with Dawn.com — said that the authorisation was granted to the ISI …
Read More »Citrix Issues Critical Security Advisory for NetScaler
Citrix has warned users about severe vulnerabilities in their widely-used NetScaler products. These vulnerabilities, known as CVE-2024-6235 and CVE-2024-6236, could potentially allow unauthorized access to sensitive information and cause denial-of-service (DoS) attacks. CVE-2024-6235: Sensitive Information Disclosure (Critical Severity) The flaw in the NetScaler Console (previously known as NetScaler ADM) is …
Read More »
(CVE-2024-38080, CVE-2024-38112)
Microsoft July Patch Tuesday fixes 142 flaws, 4 zero-days
Microsoft’s July 2024 Patch Tuesday includes security updates for 142 flaws, including two zero-days that are actively exploited and two that are publicly disclosed. This Patch Tuesday fixed five critical vulnerabilities, all of which were remote code execution flaws. July 2024 Patch Tuesday Breakdown: Here is the breakdown of vulnerabilities …
Read More »
EXCLUSIVE
Analysis of 3 Ransomware Threats Active Right Now
Three emerging threats will be discussed below, along with how sandbox analysis can be utilized to detect them proactively. Lockbit Ransomware: The Lockbit ransomware is a major cybersecurity threat that appeared in 2019. It works as Ransomware-as-a-Service (RaaS), where affiliates use its software to carry out attacks. The Royal Mail …
Read More »AVAST RELEASED DECRYPTOR FOR DONEX RANSOMWARE
Avast researchers found a security flaw in the DoNex ransomware and its previous versions, which allowed them to create a tool to decrypt the files. They shared this discovery at the Recon 2024 conference. Avast released a free decryptor in March 2024 to help victims recover their files. “All brands …
Read More »Critical Security Advisory for Apache CloudStack
The Apache Software Foundation has warned about two serious security issues (CVE-2024-38346 and CVE-2024-39864) in Apache CloudStack, a popular open-source cloud computing platform. These vulnerabilities are a big threat to organizations using CloudStack to manage their virtualized infrastructure. Unauthenticated Cluster Service Port (CVE-2024-38346) The vulnerability CVE-2024-38346 is found in the …
Read More »8 cyber agencies warn APT40’s Rapid Exploit Adaptation
Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the UK, and the US issued a warning about a cyber espionage group called APT40, which is linked to China. The advisory cautions about the group’s capability to quickly and effectively use security flaws that are recently disclosed. “APT …
Read More »CISA Plans to Measure Trust in Open-Source Software
The United States cyber defense agency is creating a new framework to answer a critical question in cybersecurity: How can the trustworthiness of open-source security projects be accurately measured and transparently communicated? The Cybersecurity and Infrastructure Security Agency is working on the second phase of its open-source software security road …
Read More »