U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco NX-OS Command Injection Vulnerability, tracked as CVE-2024-20399, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Cisco addressed an NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score […]
The Apache Foundation addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Foundation has addressed multiple vulnerabilities in its popular Apache HTTP Server. The vulnerabilities include denial-of-service (DoS), remote code execution, and unauthorized access issues. One of these vulnerabilities is a critical source code disclosure vulnerability tracked as […]
The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised. OpenAI suffered a security breach in 2023, the New York Times reported. The American newspaper revealed that the threat actors gained access to the internal discussions among researchers and other […]
Microsoft discovered two flaws in Rockwell Automation PanelView Plus that remote, unauthenticated attackers could exploit. Microsoft responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that remote, unauthenticated attackers can exploit to perform remote code execution (RCE) and denial-of-service (DoS). The RCE vulnerability in PanelView Plus involves exploiting two custom classes to upload and load […]
Brazil’s data protection authority temporarily banned Meta from using data originating in the country to train its artificial intelligence. Brazil’s data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has imposed a temporary ban on Meta from processing users’ personal data for training its artificial intelligence (AI) models. “The National Data Protection Authority (ANPD) issued […]
Technology company Splunk released security updates to address 16 vulnerabilities in Splunk Enterprise and Cloud Platform. Technology company Splunk addressed 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including four high-severity flaws. The vulnerability CVE-2024-36985 is a Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk […]
An international law enforcement operation code-named Operation Morpheus led to the takedown of 593 Cobalt Strike servers used by crooks. An international law enforcement operation, code-named Operation Morpheus, aimed at combatting the criminal abuse of an older, unlicensed version of the Cobalt Strike red teaming tool. The Cobalt Strike platform was developed for Adversary Simulations […]
An Australian man has been charged with carrying out ‘Evil Twin’ Wi-Fi attack during a domestic flight to steal user credentials and data. An Evil Twin Wi-Fi attack is a type of cyberattack where a threat actor sets up a rogue wireless access point that mimics a legitimate one. The goal is to trick users […]
Cisco fixed an actively exploited NX-OS zero-day, the flaw was exploited to install previously unknown malware as root on vulnerable switches. Cisco addressed an NX-OS zero-day, tracked as CVE-2024-20399 (CVSS score of 6.0), that the China-linked group Velvet Ant exploited to deploy previously unknown malware as root on vulnerable switches. The flaw resides in the […]
A critical flaw in the OpenSSH server can be exploited to achieve unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintainers addressed a critical vulnerability, tracked as CVE-2024-6387, that can lead to unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintained have addressed the vulnerability with the […]