Uganda’s finance ministry confirmed media reports that hackers breached the central bank’s systems and stole money, but refuted the claims to steal the money as much as $17 million. Uganda’s Minister of State for Finance, Henry Musasizi, addressed media reports alleging that a Southeast Asian hacker group hacked the Bank …
Read More »
CVE-2024-11667
Hackers actively exploiting Zyxel firewall to deploy Ransomware
CERT Germany and Zyxel have alerted about a serious vulnerability in Zyxel firewalls, identified as CVE-2024-11667. This flaw is being exploited to spread Helldown ransomware, with reports of at least five affected organizations in Germany. CVE-2024-11667 is a directory traversal vulnerability in Zyxel’s ZLD firmware versions 5.00 to 5.38. Exploiting …
Read More »CIRT-in flags Critical Flaw in Oracle Agile PLM Framework
CERT-In has flagged a security vulnerability in Oracle’s Agile Product Lifecycle Management (PLM) software, identified as CVE-2024-21287 and cataloged as CIVN-2024-0350. This high-risk threat was detected on November 26, 2024. CVE-2024-21287 affects Oracle Agile PLM Framework version 9.3.6, which is commonly used by organizations for managing product lifecycles and enhancing …
Read More »Microsoft patches four vulnerabilities in its services
On November 26th, Microsoft patched four vulnerabilities detected in Dynamics 365 Sales, the Partner.Microsoft.Com portal, Microsoft Copilot Studio and Azure PolicyWatch. Microsoft Copilot Studio, a platform for developers to create AI agents and speed up coding with automation, had a critical vulnerability rated 9.3 out of 10 (CVE-2024-49038). Microsoft has …
Read More »Data broker exposes 600K+ passwordless sensitive files online
SL Data Services/Propertyrec, an information research provider exposes a non-password-protected database containing more than 600K records according to the security researcher Jeremiah Fowler. The dataset contains over 713 GB records including vehicle records, property ownership reports and court records. Jeremiah Fowler said, around 95% of the limited sample of documents …
Read More »VMware Patched critical flaw in Aria Operations
VMware revealed several critical vulnerabilities in its Aria Operations product, with the most severe allowing attackers to gain root user privileges on affected systems. The advisory, VMSA-2024-0022, released on November 26, 2024, addresses five distinct vulnerabilities: CVE-2024-38831 is a local privilege escalation vulnerability with a CVSSv3 score of 7.8. CVE-2024-38832 …
Read More »HDFC Life hit by data breach, begins investigation
On Monday, Indian HDFC life insurance said, They got some instances of data leaks. “We have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent,” HDFC Life said in a regulatory filing. The company has started to security …
Read More »RomCom Exploits Firefox and Windows Zero-Day
According to ESET, Russia linked Ramcom exploit the two zero days of Mozilla FireFox and Microsoft Window addressed CVE 2024-9680, and 2024-49039. “In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user interaction required (zero click) …
Read More »MITRE discloses 2024 CWE Top 25 critical software flaw
MITRE identified Cross-site scripting as the most critical software flaw in its recent published report of the past year. The nonprofit published its latest ranking of the Top 25 Most Dangerous Software Weaknesses on November 20, highlighting critical flaws from the Common Weakness Enumeration (CWEs) catalog between June 2023 and …
Read More »
Cisco Talos
Over 60% of Emails with QR Codes are spam
Generally scanning a malicious QR code from an unknown source can be harmful. Cisco Talos research shows that many people underestimate potential threats. Anti-spam filters can’t detect QR codes in images, allowing many spam emails to go unnoticed. While only 1 in 500 emails contains a QR code, around 60% …
Read More »