In the digital age where surveillance devices are ubiquitous, security concerns have become paramount, especially regarding Chinese-branded IoT devices such as web cameras and DVRs. A recent wave of attacks by Remote Access Trojans (RATs) has targeted popular brands like Hikvision and Xiongmai, exploiting vulnerabilities that have yet to be patched, much to the chagrin of their users. The FBI
In the ever-evolving landscape of network security, the recent discovery of a significant flaw in Fortinet’s Wireless LAN Manager (FortiWLM) has brought to light the grave risks posed to digital infrastructures worldwide. The vulnerability, identified as CVE-2023-34990, has the potential to leak sensitive information and allow unauthorized admin access, signaling an urgent need for immediate remedial action. This flaw, with
European companies in sectors such as automotive, chemical, and industrial compound manufacturing faced a major cybersecurity threat recently, as a sophisticated phishing campaign targeted their Microsoft Azure cloud infrastructures. Conducted by a cybercriminal aiming to infiltrate these systems, the campaign involved around 20,000 phishing emails sent to employees of various firms. These emails, which peaked in June 2024, imitated DocuSign
In a recent update, the Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms by adding four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting the mounting risks associated with these security flaws. This development stresses the urgency for organizations worldwide to take immediate and proactive measures to safeguard their systems and sensitive data. The identified vulnerabilities, which
A sophisticated phishing campaign targeting European companies has recently come to light, and it is a stark reminder of the evolving threats in the cybersecurity landscape. The attack, peaking in June 2024, aims to harvest Microsoft Azure cloud credentials and compromise the victims’ cloud infrastructure. Phishing Attack Chain The campaign primarily targets automotive, chemical, and industrial compound manufacturing companies in
In recent times, viral videos circulating on the social media platform TikTok have perpetuated a hoax claiming that hackers can steal your credit card information via the iPhone’s AirDrop feature. However, this is nothing more than misinformation. These false claims suggest that a recent update to the iPhone’s AirDrop feature allows hackers to steal credit card information from Apple Wallet
In recent developments, a major phishing campaign has emerged, targeting approximately 20,000 users in the automotive, chemical, and industrial compound manufacturing sectors across Europe. The cybercriminals involved in this campaign aimed to hijack victims’ Microsoft Azure cloud infrastructure by stealing account credentials. The complexity and scale of the attacks highlight the growing sophistication of cyber threats and underscore the critical
BeyondTrust has recently disclosed a serious security vulnerability in its Privileged Remote Access (PRA) and Remote Support (RS) products. This flaw, identified as CVE-2024-12356 and given a CVSS score of 9.8, allows attackers to inject arbitrary commands, potentially leading to unauthorized execution of commands on target systems. With such severe implications, it highlights the necessity for immediate attention and remediation.
A critical security vulnerability has been identified in the Apache Struts framework, known as CVE-2024-53677, posing a grave threat to systems that rely on this popular software. This flaw has been assigned a severity score of 9.5 out of 10 on the Common Vulnerability Scoring System (CVSS), indicating it is highly dangerous and can be exploited by threat actors to
In December 2024, Rhode Island’s public benefits data was compromised in a ransomware attack by the Brain Cipher group. The attack targeted the RIBridges system, managed by Deloitte, which is used for handling public benefits in the state. This breach has raised significant concerns about the protection of sensitive data and the effectiveness of cybersecurity measures in place. The Attack
In a rapidly evolving cybersecurity landscape, Microsoft Sentinel has emerged as a crucial player, introducing a groundbreaking agentless integration capability specifically tailored for SAP workloads. SAP landscapes, with their expansive and critical nature, constantly face vulnerabilities that can be weaponized swiftly, leading to severe consequences. This new capability directly addresses the urgent need for robust security measures by utilizing the
In an alarming development, Rhode Island’s primary benefits system, RIBridges, has been compromised following a presumed ransomware attack on Deloitte, which operates the system. This breach potentially exposes personal details of thousands of state residents, including names, addresses, birth dates, Social Security numbers, and banking information. According to the governor’s office, anyone who has applied for health coverage or other
