27 DDoS-for hire platforms seized by law enforcement
As part of an ongoing international crackdown known as Operation PowerOFF, international law enforcement has seized over two dozen platforms used to carry out Distributed…
Author: Cybernoz
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins
Dec 12, 2024Ravie LakshmananWebsite Security / Vulnerability Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable…
Malichus Malware Exploiting Cleo 0-Day Vulnerability In Wild
Threat actors are actively exploiting a critical zero-day vulnerability (CVE-2024-50623) in Cleo’s file transfer products Harmony, VLTrader, and LexiComis. The flaw, stemming from an unrestricted…
We must adjust expectations for the CISO role
Cybersecurity has become one of the most high-stakes facets of business operations in the past few years. The chief information security officer (CISO) role, once…
Europol Shuts Down 27 DDoS Attack Platform Providers, Admins Arrested
Law enforcement agencies worldwide have disrupted a holiday tradition of launching Distributed Denial-of-Service (DDoS) attacks in a major blow to cybercriminals. As part of Operation…
GitLab Security Update, Patch for Critical Vulnerabilities
GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The newly released versions 17.6.2, 17.5.4, and 17.4.6…
Russia’s Secret Blizzard APT targets Ukraine with Kazuar backdoor
Russia’s Secret Blizzard APT targets Ukraine with Kazuar backdoor Pierluigi Paganini December 12, 2024 Russia-linked APT group Secret Blizzard is using Amadey Malware-as-a-Service to infect systems in…
ChatGPT Down Globally, Services Restored After Hours Of Outage
In a significant disruption, OpenAI’s popular AI chatbot, ChatGPT, experienced a global outage on Thursday morning, leaving millions of users unable to access its services…
BadRAM Attack Breaches AMD Secure VMs with $10 Device
Researchers have uncovered a vulnerability that allows attackers to compromise AMD’s Secure Encrypted Virtualization (SEV) technology using a $10 device. This breakthrough exposes a previously…
Post Office scandal in 2024 – part 2: Capture, the prequel
Years before the controversial Horizon system was introduced in 1999, subpostmasters who used a Post Office system known as Capture suffered unexplained branch account shortfalls…
Apache Struts RCE Vulnerability Exposes Servers to Malicious File Uploads
A critical security vulnerability has been discovered in Apache Struts 2, a popular open-source web application framework, potentially exposing numerous organizations to severe cyber threats.…
Splunk RCE Vulnerability Let Attackers Execute Remote Code
Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution (RCE) vulnerability. This flaw, identified as CVE-2024-53247, affects several versions of…