Cisco fixes root escalation vulnerability with public exploit code
Cisco has fixed a command injection vulnerability with public exploit code that lets attackers escalate privileges to root on vulnerable systems. Tracked as CVE-2024-20469, the…
Category: Bleeping Computer
New Eucleak attack lets threat actors clone YubiKey FIDO keys
A new “EUCLEAK” flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico’s YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital…
Hackers inject malicious JS in Cisco store to steal credit cards, credentials
Cisco’s site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details…
Google backports fix for Pixel EoP flaw to other Android devices
Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously…
Criminal IP Earns PCI DSS v4.0 Certification for Top-Level Security
AI SPERA, a leading Cyber Threat Intelligence (CTI) company, has achieved PCI DSS v4.0 certification for its flagship search engine solution, Criminal IP. This accomplishment…
Revival Hijack supply-chain attack threatens 22,000 PyPI packages
Threat actors are utilizing an attack called “Revival Hijack,” where they register new PyPi projects using the names of previously deleted packages to conduct supply…
Zyxel warns of critical OS command injection flaw in routers
Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command…
Over $110 million lost to Bitcoin ATM scams in 2023
The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and…
Verkada to pay $2.95 million for alleged CAN-SPAM Act violations
The Federal Trade Commission (FTC) requires security camera vendor Verkada to create a comprehensive information security program as part of a settlement after multiple security…
New Windows PowerToy launches, repositions apps to saved layouts
Microsoft has released a new Workspaces PowerToy that helps launch sets of applications using custom desktop layouts and configurations with a mouse click. The tool…
FBI warns crypto firms of aggressive social engineering attacks
The FBI warned today of North Korean hacking groups aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks to deploy malware designed to…
Clearview AI fined €30.5 million for unlawful data collection
The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) on Clearview AI for unlawful data collection using facial recognition, including…