In a recent discovery by watchTowr researchers, a critical vulnerability has been identified within the Citrix Virtual Apps and Desktops’ Session Recording component, causing significant concerns in the cybersecurity community. This vulnerability potentially allows remote code execution (RCE) attacks, referenced as CVE-2024-8068 and CVE-2024-8069. It arises from a misconfigured instance of Microsoft Message Queuing (MSMQ) and the insecure use of
In a significant development for Amazon Web Services (AWS) users, Sweet Security has unveiled its state-of-the-art Cloud Native Detection & Response (D&R) platform on the AWS Marketplace. This advancement ensures that AWS users can seamlessly incorporate Sweet’s advanced detection and response capabilities into their cloud environments without hassle. Key Features of Sweet Security’s Platform Sweet Security stands out for its
The recent security disclosure from Microsoft has revealed a critical vulnerability within Active Directory Certificate Services (AD CS), specifically tagged as CVE-2024-49019. This Elevation of Privilege (EoP) flaw poses significant risks to enterprises, potentially allowing attackers to gain domain administrator privileges if successfully exploited. Enterprises that rely heavily on AD CS for managing digital certificates are particularly vulnerable, especially because
The Amazon MOVEit leaker, who has made waves in the cybersecurity world, claims to be an ethical hacker with the goal of exposing vulnerabilities to improve security rather than causing harm. This individual has managed to breach the MOVEit file transfer service, a tool used by prominent companies like Amazon, and has leaked sensitive information, raising significant concerns about data
Bitcoin has long been a subject of intense scrutiny and skepticism, particularly during periods of market downturns or regulatory challenges. Critics often proclaim the cryptocurrency’s imminent demise, yet Bitcoin continues to demonstrate remarkable resilience and growth. This article delves into the recurring narrative of "Bitcoin is dead" and counters it with evidence of Bitcoin’s enduring market presence and performance. Persistent
In the midst of a robust rally across the broader cryptocurrency market, Ripple’s XRP has conspicuously lagged behind, causing growing frustration among its holders. Over the past few months, numerous altcoins have demonstrated remarkable gains, yet XRP’s growth has remained relatively modest. This underperformance is particularly glaring when contrasted with the surge in other digital assets, such as Dogecoin (DOGE),
In a strategic move to refine and elevate the payment experience for online shoppers, Adyen, a global financial technology platform, has partnered with Zalando, a prominent European online multi-brand fashion retailer. This collaboration designates Adyen as Zalando’s exclusive local payment partner in 15 European countries, including handling specific local payment methods like Cartes Bancaires in France and Bancontact in Belgium.
Google Cloud has issued a significant warning about the escalating threat posed by artificial intelligence (AI), suggesting that the malicious deployment of AI technologies will intensify in the coming years. Despite the initial apocalyptic predictions by some analysts not materializing, researchers believe that AI’s threat landscape will become more sophisticated and widespread by 2025, necessitating new defensive strategies. AI Escalation
The notorious Lazarus Advanced Persistent Threat (APT) group has once again caught the attention of cybersecurity experts with their latest method of infiltrating macOS systems. In defiance of standard defenses, they utilize custom extended attributes to smuggle malicious code onto unsuspecting systems. This innovative technique, observed by cybersecurity firm Group-IB, facilitates the malware staying concealed and undetected within the target
A newly patched security flaw in Windows NT LAN Manager (NTLM) has recently come under the spotlight due to its exploitation as a zero-day vulnerability by a suspected Russia-linked cyber actor. This flaw, identified as CVE-2024-43451 and carrying a CVSS score of 6.5, enables attackers to steal a user’s NTLMv2 hash with minimal user interaction with a malicious file. Such
The cybersecurity landscape is constantly evolving, with new threats emerging and existing vulnerabilities being exploited. Recent incidents have highlighted the challenges faced by organizations in securing their digital environments. This article delves into Fortinet’s incomplete patch for the FortiJump vulnerability, significant data breaches, and the rising cyber risks in various sectors. Fortinet’s Inadequate FortiJump Patch WatchTowr’s Findings Researchers from WatchTowr
MoonPay, a leading global crypto payments company, has announced the launch of MoonPay Balance, a revolutionary payment solution aimed at bringing the convenience of fiat balances to the decentralized crypto ecosystem. Previously, fiat balances were exclusive to centralized exchanges and traditional fintech platforms such as Coinbase, Revolut, and Robinhood. Now, MoonPay is transforming the landscape by introducing this payment method
