Monday , December 30 2024

Vulnerabilities

Uganda confirms hack of central bank accounts, Refutes $17 Million Claim

Bank of Uganda

Uganda’s finance ministry confirmed media reports that hackers breached the central bank’s systems and stole money, but refuted the claims to steal the money as much as $17 million. Uganda’s Minister of State for Finance, Henry Musasizi, addressed media reports alleging that a Southeast Asian hacker group hacked the Bank …

Read More »

CVE-2024-11667
Hackers actively exploiting Zyxel firewall to deploy Ransomware

Zyxel

CERT Germany and Zyxel have alerted about a serious vulnerability in Zyxel firewalls, identified as CVE-2024-11667. This flaw is being exploited to spread Helldown ransomware, with reports of at least five affected organizations in Germany. CVE-2024-11667 is a directory traversal vulnerability in Zyxel’s ZLD firmware versions 5.00 to 5.38. Exploiting …

Read More »

CIRT-in flags Critical Flaw in Oracle Agile PLM Framework

Oracle

CERT-In has flagged a security vulnerability in Oracle’s Agile Product Lifecycle Management (PLM) software, identified as CVE-2024-21287 and cataloged as CIVN-2024-0350. This high-risk threat was detected on November 26, 2024. CVE-2024-21287 affects Oracle Agile PLM Framework version 9.3.6, which is commonly used by organizations for managing product lifecycles and enhancing …

Read More »

Microsoft patches four vulnerabilities in its services

Microsoft

On November 26th, Microsoft patched four vulnerabilities detected in Dynamics 365 Sales, the Partner.Microsoft.Com portal, Microsoft Copilot Studio and Azure PolicyWatch. Microsoft Copilot Studio, a platform for developers to create AI agents and speed up coding with automation, had a critical vulnerability rated 9.3 out of 10 (CVE-2024-49038). Microsoft has …

Read More »

Data broker exposes 600K+ passwordless sensitive files online

red circle

SL Data Services/Propertyrec, an information research provider exposes a non-password-protected database containing more than 600K records according to the security researcher Jeremiah Fowler. The dataset contains over 713 GB records including vehicle records, property ownership reports and court records. Jeremiah Fowler said, around 95% of the limited sample of documents …

Read More »

VMware Patched critical flaw in Aria Operations

vmware

VMware revealed several critical vulnerabilities in its Aria Operations product, with the most severe allowing attackers to gain root user privileges on affected systems. The advisory, VMSA-2024-0022, released on November 26, 2024, addresses five distinct vulnerabilities: CVE-2024-38831 is a local privilege escalation vulnerability with a CVSSv3 score of 7.8. CVE-2024-38832 …

Read More »

RomCom Exploits Firefox and Windows Zero-Day

Firefox windows

According to ESET, Russia linked Ramcom exploit the two zero days of Mozilla FireFox and Microsoft Window addressed CVE 2024-9680, and 2024-49039. “In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user interaction required (zero click) …

Read More »

MITRE discloses 2024 CWE Top 25 critical software flaw

Chart

MITRE identified Cross-site scripting as the most critical software flaw in its recent published report of the past year. The nonprofit published its latest ranking of the Top 25 Most Dangerous Software Weaknesses on November 20, highlighting critical flaws from the Common Weakness Enumeration (CWEs) catalog between June 2023 and …

Read More »

Cisco Talos
Over 60% of Emails with QR Codes are spam

QR code

Generally scanning a malicious QR code from an unknown source can be harmful. Cisco Talos research shows that many people underestimate potential threats. Anti-spam filters can’t detect QR codes in images, allowing many spam emails to go unnoticed. While only 1 in 500 emails contains a QR code, around 60% …

Read More »