Saturday , December 21 2024

Vulnerabilities

“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records

military

Renowned cybersecurity researcher Jeremiah Fowler uncovered a non-password-protected database having over 1.1 million records linked to Conduitor Limited (Forces Penpals). This platform provides dating services and social networking for US and UK military personnel and their supporters. Jeremiah Fowler revealed that the publicly accessible database lacked password protection and encryption. …

Read More »

CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE

trend micro

Trend Micro released a security update for Deep Security 20 Agent Manual Scan Command Injection RCE Vulnerability (CVE-2024-51503) that resolves a manual scan command injection remote code execution (RCE) vulnerability. On 18 November, Trend Micro released the update Severity rating level “High”, CVSS 3.0 score: 8.0. Vulnerability Details: CVE-2024-51503: Security …

Read More »

Apple Releases Patch for two Actively Exploited Zero-Day

apple

Apple released critical updates for its various products including for iOS, iPadOS, macOS, visionOS, and Safari to fix two zero-day vulnerabilities actively being exploited in the wild. The flaws are listed below: CVE-2024-44309 : A vulnerability in cookie handling that could allow a cross-site scripting (XSS) attack when processing harmful …

Read More »

“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data

diagram

“Sarcoma” ransomware group attacked a well known Bangladeshi insurance company named “Popular life insurance company ltd”. The threat actor keeps an option to release the full data if their demand doesn’t meet up within 5 days. According to the threat actor, approximately 36 GB of data, including attachments and SQL …

Read More »

TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely

TP LINK

A serious security flaw has been found in some TP-Link routers, potentially enabling hackers to remotely access the affected devices.The vulnerability CVE-2024-11237 impacts TP-Link VN020 F3v(T) routers with firmware TT_V6.2.1021, mainly used by Tunisie Telecom and Topnet ISPs. Routers similar to those used in Algeria and Morocco are vulnerable to …

Read More »

WSJ reports
T-Mobile hacked in massive breach of telecom networks

T mobile

The Wall Street Journal reported on Friday citing people familiar with the matter that T-Mobile’s network was among the systems hacked in a damaging Chinese cyber-espionage operation that successfully gained entry into multiple U.S. and international telecommunications companies. Hackers were able to breach T-Mobile as part of a monthslong campaign …

Read More »

Palo Alto Networks Confirms critical RCE zero-day actively exploited

paloalto

“Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet. We are actively investigating this activity,” reads the security bulletin by the cybersecurity provider Palo Alto Networks. On November 8, Palo Alto …

Read More »

(CVE-2024-52301)
Laravel Flaw Unveils Millions of Web Applications to Attack

laravel

A significant security flaw, CVE-2024-52301, has been found in the Laravel framework, which is widely used for web applications. With a CVSS rating of 8.7, this vulnerability could allow unauthorized access, data tampering, and privilege escalation in many Laravel applications. CVE-2024-52301 pertains to inadequate input validation in Laravel’s environment configuration. …

Read More »

Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws

windows

Microsoft’s latest Patch Tuesday update fixes 89 security vulnerabilities. Four of these are zero-day vulnerabilities, with two currently being exploited. This patch release highlights the need for timely updates to guard against cyber threats. Zero-Day Vulnerabilities Patched: The four zero-day vulnerabilities patched in this update include two that attackers have …

Read More »

CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

Women

On November 7, 2024, CISA released advisories about 3 critical security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS). ICSA-24-312-01 Beckhoff Automation TwinCAT Package Manager: CISA has identified a serious vulnerability in Beckhoff Automation’s TwinCAT Package Manager, a key software in manufacturing. The flaw, called CVE-2024-8934, relates to …

Read More »