Aggregator

A vulnerability, which was classified as critical, has been found in Cybonet PineApp Mail Relay. Affected by this issue is some unknown functionality. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-41695. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

In March 2024, a new variant of the AcidRain wiper malware dubbed “AcidPour” was noticed. It targets Linux data storage devices and permanently erases data from the targeted systems, making them inoperative. It targets crucial sectors of Linux devices such as SCSI SATA, Memory Technology Devices (MTD), MultiMediaCard Storage, DMSETUP, and Unsorted Block Image devices, […]

The post AcidPour Malware Attacking Linux Data Storage Devices To Wipe Out Data appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Auto manufacturers are just starting to realize the problems of supporting the software in older models:

Today’s phones are able to receive updates six to eight years after their purchase date. Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servicing products seven years after they stop selling them.

That might not cut it in the auto world, where the average age of cars on US roads is only going up. A recent report found that cars and trucks just reached a new record average age of 12.6 years, up two months from 2023. That means the car software hitting the road today needs to work­—and maybe even improve—­beyond 2036. The average length of smartphone ownership is just ...

The post Providing Security Updates to Automobile Software appeared first on Security Boulevard.

Cybersecurity researchers have detailed widespread phishing campaigns targeting small and medium-sized businesses (SMBs) in Poland during May 2024 that led to the deployment of several malware families like Agent Tesla, Formbook, and Remcos RAT. Some of the other regions targeted by the campaigns include Italy and Romania, according to cybersecurity firm ESET. "Attackers used previously

Progress Software has disclosed a new high-severity vulnerability in its MOVEit Transfer file transfer solution that could allow attackers to escalate privileges through improper authentication. The vulnerability, tracked as CVE-2024-6576 with a CVSS score of 7.3, affects the SFTP module of MOVEit Transfer. The security flaw impacts multiple versions of MOVEit Transfer, including: According to […]

The post New MOVEit File Transfer Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

The ICO found that the Electoral Commission did not have appropriate security measures in place, allowing hackers to access the personal details of 40 million UK voters

Международное сообщество разделилось в оценке проекта договора.

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.  The deep and dark web, otherwise known as the cybercriminal underground, is where malicious actors gather to

导致多地网络出现“显著减速”

Cobalt Strike и Pypykatz открывают путь к полному контролю над сетью.

A threat actor has allegedly claimed responsibility for breaching Cyepro Solutions, a company known for its cloud solutions tailored to the automotive sales industry. The breach, reportedly in July 2024, has potentially compromised the personal information of approximately 97,000 individuals. Breach Details Emerge The news broke when Dark Web Intelligence, a well-known entity in the […]

The post Threat Actor Allegedly Claiming Breach of Cyepr appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

【开奖】批量查询工具权限已开通

分享近期值得关注的IOC

BerBeroka组织由友商趋势科技披露，与DRBControl、TAG33等同源，我们将其与内部团伙合并后一直沿用该名称持续跟踪至今，针对我国金融、医院医疗、游戏等行业攻击，受害规模远超我们之前披露的APT-Q-29和BlackTech

How to avoid malware sent using scam ‘missed parcel’ SMS messages, and what to do if your phone is already infected.

作者：phith0n 原文链接：https://www.leavesongs.com/PENETRATION/nashorn-rce-without-parentheses.html 近期有用户提了一个有趣的问题： 简单来说就是，在Java的Nashorn脚本中，如果不允许使用小括号(、)和中括号[、]，如何执行任意命令？ 1 浏览器JavaScript无括号XSS 我们知道，Nas...

Cybersecurity firm Group-IB has uncovered a sophisticated cybercrime operation targeting Spanish banking customers. The criminal group GXC Team has been using AI-powered phishing tools and Android malware to steal sensitive banking information. This article delves into the GXC Team’s operational methods, the unique characteristics of its malicious tools, its attack strategies, and its effective defense […]

The post Hacker Attacking Bank Users With AI-powered Phishing Tools and Android Malware appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

在补天白帽大会，白帽师傅们不是观众，是共建者!

额外奖励金最高1000元~