Several vulnerabilities have been found in the TP-Link Omada system, which is a popular software-defined networking solution for small to medium-sized businesses. The vulnerabilities could let attackers run code from a distance, causing serious security issues. The affected devices are wireless access points, routers, switches, VPN devices, and hardware controllers …
Read More »Evolve Bank Confirms Data Breach, Customer Info Exposed
Evolve Bank & Trust experienced a cybersecurity incident. The bank confirmed that cybercriminals obtained and shared customers’ personal information on the dark web. This data breach affected both retail bank customers and customers of Evolve’s financial technology partners. Evolve Bank was hacked by a cybercriminal group that stole and shared …
Read More »BSNL Data Breach: Data worth 278GB leaked: Report claim
According to digital risk management firm Athenian Technology, BSNL, India’s state-owned telecom provider, suffered a significant data breach. A cybercriminal named “kiberphant0m” performed the attack, resulting in the exposure of a large amount of sensitive data. This puts millions of users at risk. Zee news reported, Kanishk Gaur, CEO of …
Read More »Polyfill supply chain attack hits 100K+ web sites
Over 100,000 websites were compromised in a recent supply chain attack. The attack injected malware into the popular Polyfill JS project. It was discovered by the Sansec Forensics Team and shows the increased risks of using open-source software. The Polyfill JS library, which helps older web browsers, has been targeted …
Read More »Patch soon! 5 WordPress Plugins Backdoored
A hacker changed the code of five plugins on WordPress.org to add harmful PHP scripts that make new admin accounts on websites using the plugins. The Wordfence Threat Intelligence team found the attack yesterday, but the injections happened between June 21 and June 22, last week. Wordfence found a breach …
Read More »CISA issued two advisories for industrial control systems
CISA released two advisories about Industrial Control Systems (ICS) on June 25, 2024. The advisories contain important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-177-01 ABB Ability System 800xA: Successful exploitation of these vulnerabilities could cause services to crash and restart. ICSA-24-177-02 PTC Creo Elements/Direct License Server: …
Read More »CISA confirms hackers possibly access CSAT January incident
CISA warns that its Chemical Security Assessment Tool (CSAT) was hacked in January. Hackers used a webshell on the Ivanti device, which may have exposed important security assessments and plans. In March, The Record revealed that CISA had a breach after the Ivanti device was exploited, leading to two systems …
Read More »LockBit Claims 33 TB of US Federal Reserve Data
LockBit claimed that it breached Federal Reserve Board (Federalreserve.gov), the central banking system of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” “The group announced to release the stolen data on 25 June, 2024 20:27:10 UTC.” According to the post by the LockBit ransomware …
Read More »Indonesia’s National data center compromised, $8M ransom demand
Cyber attack compromised Indonesia’s national data center, causing trouble with immigration checks at airports. Attacker demanded an $8 million ransom, Reuters reported. The attack caused problems for government services, especially at airports, with long lines at immigration desks. The communications ministry said that automated passport machines are now working. Minister …
Read More »ESET Issues Security Patch for Privilege Escalation Flaw
ESET Issued security patch for privilege escalation flaw in its Windows security products. This flaw, called CVE-2024-2003 (CVSS 7.3), was found by the Zero Day Initiative (ZDI). It could have let attackers gain access to important files and folders without permission. The vulnerability exploited ESET’s file operations while restoring quarantined …
Read More »