OpenBAS is a platform that helps organizations to plan, schedule, and conduct crisis exercises, adversary simulations, and breach simulations. OpenBAS is a modern web application that follows ISO 22398 standards. It has a user-friendly interface and a RESTful API. The platform has different modules, such as scenarios, team management, simulations, …
Read More »Critical Security Flaws Patched in Zyxel Networking Devices
Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions. This flaw could allow the execution of unauthorized commands. The vulnerability known as CVE-2024-7261 (CVSS score: 9.8) involves an operating system (OS) command injection. “The improper neutralization of special elements …
Read More »CVE-2024-38811: CEV In VMware Fusion Unveiled
VMware released a security advisory for a major vulnerability in the VMware Fusion product. This vulnerability could be exploited by attackers to run malicious code. CVE-2024-38811 is a vulnerability caused by using an insecure environment variable in the application, with a CVSSv3 score of 8.8, making it important. VMware Fusion …
Read More »CERT-IN Warns Vulnerabilities in Palo Alto Networks applications
Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit these vulnerabilities to access systems without permission, steal important information, and potentially run harmful code. Vulnerabilities in Palo Alto Networks: The vulnerabilities include CVE-2024-5915, CVE-2024-5916, and CVE-2024-5914. GlobalProtect App: Privilege …
Read More »How Malaysia’s Data Centre Industry Poised for Growth
Malaysia is quickly becoming a leading choice for investing in data centers. It aims to generate RM3.6 billion (US$781 million) in revenue by 2025, compared to RM2.09 billion (US$462 million) in 2022. The growth is driven by investments and expansions by major technology companies, showcasing Malaysia’s increasing importance in the …
Read More »RansomHub exfiltrated data over 210 victims: US alert
US authorities have issued a cybersecurity advisory about a ransomware group called RansomHub. The group is thought to have stolen data from at least 210 victims using encryption and double extortion techniques. The group targeted various organizations, including healthcare, IT, government, emergency services, food and agriculture, and water and wastewater. They …
Read More »Godzilla Fileless Backdoor Exploits Atlassian Confluence flaw
There is a new way to attack Atlassian Confluence using the vulnerability CVE-2023-22527. The Confluence Data Center and Server products have the vulnerability that has been exploited using the Godzilla backdoor, which is a complex malware that doesn’t use files. Understanding CVE-2023-22527: CVE-2023-22527 is a critical vulnerability with a CVSS …
Read More »New Cicada ransomware targets VMware ESXi servers
The Cicada3301 ransomware is made in Rust and attacks Windows and Linux/ESXi hosts. Truesec researchers examined a version that targets VMware ESXi systems, which seems to be a variant of the same malware for Windows. Experts mentioned that although many ransomware groups are now targeting ESXi systems, only a few, …
Read More »Monday hits two UK bank apps causes outages
Lloyds Bank and Virgin Money’s internet banking services were down on Monday, causing trouble for users to access and view their transactions. Lloyds Bank customers in the UK had problems accessing their online banking on Monday. The issues started at 10 a.m., and users complained about not being able to …
Read More »Minecraft Server faced 3.15 Billion Packet Rate DDoS Attack
Global Secure Layer (GSL) recently mitigated a huge volume of DDoS attack ever recorded. The attack targeted a Minecraft gaming customer which peak at a staggering 3.15 billion packets per second (Gpps) that surpasses previous records by a factor of 3.2 to 3.5, underscoring the escalating threat posed by DDoS …
Read More »