Cisco warns of critical RCE zero-days in end of life IP phones
Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500…
Month: August 2024
Tricky Web Timing Attacks Are Getting Easier to Use—and Abuse
Researchers have long known that they can glean hidden information about the inner workings of a website by measuring the amount of time different requests…
Stolen data from scraping service National Public Data leaked online
Cybercriminals are offering a large database for sale that may include your data without you even being aware of its existence. The stolen data comes…
Browser vulnerability can be used to breach local networks – Security
Security researchers have uncovered a browser vulnerability impacting MacOS and Linux users that can be used to breach local networks. The vulnerability, reported to browser…
Trend Micro explores sale – Security
Trend Micro, a Japanese cyber security firm with a market value of about 950 billion yen ($9.9 billion), is exploring a sale after attracting buyout…
CISA warns about actively exploited Apache OFBiz RCE flaw
The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. Apache OFBiz (Open…
0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers
0.0.0.0 Day flaw allows malicious websites to bypass security in major browsers Pierluigi Paganini August 08, 2024 An 18-year-old bug, dubbed “0.0.0.0 Day,” allows malicious…
Exploit released for Cisco SSM bug allowing admin password changes
Cisco warns that exploit code is now available for a maximum severity vulnerability that lets attackers change any user password on unpatched Cisco Smart Software…
BlackSuit ransomware behind over $500 million in ransom demands
CISA and the FBI confirmed today that the Royal ransomware rebranded to BlackSuit and has demanded over $500 million from victims since it emerged more…
5 Malware Analysis Challenges Solved by an Interactive Sandbox
Malware analysis can be challenging, as it often requires in-depth theoretical knowledge and advanced skills. Tools like an interactive sandbox help simplify it, making sophisticated…
Microsoft’s AI Can Be Turned Into an Automated Phishing Machine
Among the other attacks created by Bargury is a demonstration of how a hacker—who, again, must already have hijacked an email account—can gain access to…
Chip Flaw ‘GhostWrite’ Steals Data from CPU Memory
Black Hat USA 2024: Critical RISC-V CPU vulnerability discovered. Dubbed GhostWrite; attackers can exploit this flaw to steal sensitive data from memory. Learn how this…