Top 5 Most Notable Cyber Attacks in December 2024
The cybersecurity research team at ANY.RUN, leveraging their Interactive Sandbox and Threat Intelligence Lookup tools, has uncovered and analyzed a range of emerging threats throughout…
Category: CyberSecurityNews
Apache MINA Vulnerability Let Attackers Execute Remote Code
A new critical vulnerability (CVE-2024-52046) has been discovered in Apache MINA, potentially allowing attackers to execute remote code by exploiting insecure deserialization processes. This flaw…
Dell SupportAssist Vulnerability Let Attackers Escalate Privileges
A newly disclosed high-impact vulnerability in Dell’s widely used SupportAssist software could allow attackers to escalate privileges on affected systems. Identified as CVE-2024-52535, the vulnerability has…
IBM AIX Vulnerability Let Attackers Trigger DoS Condition
IBM has reported vulnerabilities in its AIX operating system that could allow attackers to cause a Denial of Service (DoS) condition. The identified vulnerabilities affect…
Researchers Uncovered Dark Web Operation Acquiring KYC Details
iProov, a leading provider of biometric identity verification solutions, has uncovered a covert dark web operation aimed at undermining Know Your Customer (KYC) protocols. Detailed…
Japan Airlines System Hit by Cyber Attack, Flight Operations Affected
Japan Airlines (JAL), the nation’s second-largest airline, reported a significant cyberattack on its systems early Thursday morning, causing disruptions to both domestic and international flight…
New Sophisticated Attack Weaponizes Windows Defender to Bypass EDR
A sophisticated attack technique that weaponizes Windows Defender Application Control (WDAC) to disable Endpoint Detection and Response (EDR) sensors on Windows machines. WDAC, a technology…
Apache Traffic Control Vulnerability Let Attackers Inject Malicious SQL Commands
A critical SQL injection vulnerability, identified as CVE-2024-45387, has been discovered in Apache Traffic Control, a widely used open-source platform for managing large-scale content delivery…
Postman Data Leak – 30,000 Publicly Accessible Workspaces Could Lead Massive Hack
Researchers uncovered a widespread and alarming trend involving data leaks from Postman, a widely used cloud-based API development and testing platform. The investigation reveals that…
Apache HugeGraph-Server Vulnerability Lets Attackers Bypass Authentication
A new security vulnerability, CVE-2024-43441, has been identified in Apache HugeGraph-Server, a widely used open-source graph database system. This flaw, classified as an Authentication Bypass…
OilRig Hackers Exploiting Windows Kernel 0-day to Attack Organizations
The Iranian state-sponsored hacking group OilRig, also known as APT34, has intensified its cyber espionage activities, targeting critical infrastructure and government entities in the United…
Two New Malicious PyPI packages Attacking Users to Steal Login Details
Two malicious Python Package Index (PyPI) packages: Zebo-0.1.0 and Cometlogger-0.1, have been identified, posing a significant threat to user security. These packages, uploaded in November 2024, exploit…