Search.AI.Wiki

Category: hacking

Ongoing Xurum attacks target Magento 2 e-stores

Experts warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites using Adobe’s Magento 2 CMS.

Akamai researchers warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites running the Magento 2 CMS.

The attackers are actively exploiting a server-side template injection …

Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach

The Colorado Department of Health Care Policy & Financing (HCPF) disclose a data breach after MOVEit attack on IBM.

The Colorado Department of Health Care Policy & Financing (HCPF) disclosed a data breach that impacted more than four million individuals. …

Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach

The Colorado Department of Health Care Policy & Financing (HCPF) disclose a data breach after MOVEit attack on IBM.

The Colorado Department of Health Care Policy & Financing (HCPF) disclosed a data breach that impacted more than four million individuals. …

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) can expose to several attacks.

Researchers from security firm SySS discovered multiple vulnerabilities in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) that could be exploited by …

Experts found multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP)

Multiple flaws in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) can expose to several attacks.

Researchers from security firm SySS discovered multiple vulnerabilities in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) that could be exploited by …

Nine flaws in CyberPower and Dataprobe solutions expose data centers to hacking

Multiple vulnerabilities in CyberPower PowerPanel Enterprise DCIM platform and Dataprobe PDU could expose data centers to hacking.

Researchers from Trellix Advanced Research Center discovered multiple vulnerabilities impacting CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power …

Multiple flaws in CODESYS V3 SDK could lead to RCE or DoS

16 vulnerabilities in Codesys products could result in remote code execution and DoS attacks exposing OT environments to hacking.

Microsoft Threat Intelligence researchers discovered 16 high-severity vulnerabilities, collectively tracked as CoDe16, in the CODESYS V3 software development kit (SDK). An …

Security Affairs newsletter Round 432 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Police

The DHS’s CSRB to review cloud security practices following the hack of Microsoft Exchange govt email accounts

The DHS’s CSRB will review cloud security practices following recent hacks of Microsoft Exchange accounts used by US govt agencies.

The US DHS announced that the Cyber Safety Review Board (CSRB) will review the security measure to protect cloud computing …

Police dismantled bulletproof hosting service provider Lolek Hosted

A joint operation conducted by European and U.S. law enforcement agencies dismantled the bulletproof hosting service provider Lolek Hosted.

Lolek Hosted is a bulletproof hosting service provider used to facilitate the distribution of information-stealing malware, and also to launch DDoS …

Python URL parsing function flaw can enable command execution

A severe vulnerability in the Python URL parsing function can be exploited to gain arbitrary file reads and command execution.

Researchers warn of a high-severity security vulnerability, tracked as CVE-2023-24329 (CVSS score of 7.5), has been disclosed in the Python …

Power Generator in South Africa hit with DroxiDat and Cobalt Strike

Threat actors employed a new variant of the SystemBC malware, named DroxiDat, in attacks aimed at African critical infrastructure.

Researchers from Kaspersky’s Global Research and Analysis Team (GReAT) reported that an unknown threat actor used a new variant of the …

Gafgyt botnet is targeting EoL Zyxel routers

Researchers warn that the Gafgyt botnet is actively exploiting a vulnerability impacting the end-of-life Zyxel P660HN-T1A router.

A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel …

Gafgyt botnet is targeting EoL Zyxel routers

Researchers warn that the Gafgyt botnet is actively exploiting a vulnerability impacting the end-of-life Zyxel P660HN-T1A router.

A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel …

Charming Kitten APT is targeting Iranian dissidents in Germany

Germany’s Federal Office for the Protection of the Constitution (BfV) warns that the Charming Kitten APT group targeted Iranian dissidents in the country.

The Federal Office for the Protection of the Constitution (BfV) is warning that an alleged nation-state actor …

Charming Kitten APT is targeting Iranian dissidents in Germany

Germany’s Federal Office for the Protection of the Constitution (BfV) warns that the Charming Kitten APT group targeted Iranian dissidents in the country.

The Federal Office for the Protection of the Constitution (BfV) is warning that an alleged nation-state actor …

Statc Stealer, a new sophisticated info-stealing malware

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information.

Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from …

CISA discovered a new backdoor, named Whirlpool, used in Barracuda ESG attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) observed a new backdoor, named Whirlpool, in attacks on Barracuda ESG appliances.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor, named Whirlpool, that was employed in attacks …

CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalog

US CISA added zero-day vulnerability CVE-2023-38180 affecting .NET and Visual Studio to its Known Exploited Vulnerabilities catalog.

US Cybersecurity and Infrastructure Security Agency (CISA) added an actively exploited zero-day vulnerability CVE-2023-38180 (CVSS score 7.5) affecting .NET and Visual Studio to …

US Govt launches Artificial Intelligence Cyber Challenge

The US Government House this week launched an Artificial Intelligence Cyber Challenge competition for creating a new generation of AI systems.

On Wednesday, the United States Government House introduced an Artificial Intelligence Cyber Challenge competition. The two-year competition aims to …
文 » A