Cyber Security News

Ivanti Virtual Traffic Manager has been discovered with a critical vulnerability which was associated with authentication bypass. This vulnerability has been assigned with CVE-2024-7593 and the severity was given as 9.8 (Critical). However, Ivanti has patched this vulnerability and released a security advisory to address it. Ivanti confirmed that there is no evidence of active […]

The post Ivanti Virtual Traffic Manager Flaw Let Hackers Create Rogue Admin Accounts appeared first on Cyber Security News.

Microsoft has released an urgent security update to address a critical remote code execution vulnerability in the Windows TCP/IP stack. The flaw tracked as CVE-2024-38063, affects all supported Windows and Windows Server versions, including Server Core installations. CVE-2024-38063 is a remote code execution vulnerability in Windows TCP/IP with a maximum severity rating of Critical and […]

The post Critical 0-Click RCE in Windows TCP/IP Stack Impacts All Systems appeared first on Cyber Security News.

Zoom Video Communications has disclosed several critical vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients. These vulnerabilities, identified in multiple security bulletins, potentially allow attackers to escalate privileges on affected systems. The vulnerabilities highlight significant risks for users across various platforms, including Windows, macOS, Linux, iOS, and Android. CVE-2024-39825 & CVE-2024-39818 are particularly concerning […]

The post Zoom Critical Vulnerabilities Let Attackers Escalate Privileges appeared first on Cyber Security News.

Microsoft has released its August 2024 Patch Tuesday update to address 90 security vulnerabilities. The update includes fixes for six zero-day flaws actively exploited across various products and services, such as Windows, Office, Azure, Dynamics, and Edge. The high number of zero-day vulnerabilities, especially those already being actively exploited, makes this a particularly critical Patch […]

The post Microsoft Patches 6 Zero-Days That Threat Actors Actively Exploiting appeared first on Cyber Security News.

Security researchers at Perception Point have uncovered a sophisticated phishing campaign, dubbed “Uncle Scam.” In this AI-powered campaign, threat actors impersonate U.S. government agencies to send fraudulent tender invitations to numerous American enterprises. The attackers employ advanced techniques, including interactive kits and large language models (LLMs), to create highly convincing phishing emails. The phishing operation […]

The post Operation Uncle Scam – AI-Powered Phishing Attack Steals Microsoft Dynamics 365 Credentials appeared first on Cyber Security News.

Morphisec researchers have recently uncovered a critical vulnerability in Microsoft Outlook, identified as CVE-2024-30103. It can execute malicious code as soon as an email is opened. We will explore the technical aspects of CVE-2024-30103, examining how this vulnerability can be exploited and assessing its potential impact on your systems. This vulnerability presents a significant security […]

The post 0-Click Outlook Vulnerability Triggered RCE When Email is Opened – Technical Analysis appeared first on Cyber Security News.

International authorities have successfully seized the servers associated with the notorious Dispossessor ransomware group. This operation marks a critical step in combating ransomware attacks that have plagued individuals, businesses, and institutions worldwide. According to the tweet from MonThreat, the takedown comes amidst growing concerns over the increasing sophistication of cyber threats, including the recent emergence […]

The post New Banshee MacOS Stealer Attacking Users to Steal Keychain Data appeared first on Cyber Security News.

A critical security vulnerability, identified as CVE-2024-22116, has been patched in Zabbix, a popular monitoring solution. The vulnerability allowed an administrator with restricted permissions to execute arbitrary code via the Ping script in the Monitoring Hosts section, potentially compromising the infrastructure. The vulnerability, which had a CVSS score of 9.9, was discovered by justonezero, a […]

The post Zabbix Server Vulnerability Lets Attacker Execute Arbitrary Code Via Ping Script appeared first on Cyber Security News.

Akamai researchers have delved into the often-overlooked threat of VPN post-exploitation, highlighting techniques that threat actors can use to escalate their intrusion after compromising a VPN server. The study focuses on vulnerabilities and no-fix techniques affecting Ivanti Connect Secure and FortiGate VPNs, potentially allowing attackers to gain control over other critical network assets. VPN servers […]

The post Post-Exploitation Tactics Hackers Use After Compromising Ivanti, Fortigate VPN Servers appeared first on Cyber Security News.

Hackers often target the Solana Python API ecosystem to exploit vulnerabilities in decentralized applications, access private keys, or manipulate transactions on the Solana blockchain. Recently the Solana Python API ecosystem was targeted by a typosquatting attack (tagged as sonatype-2024-3214). The official Solana Python API project, known as “solana-py” on GitHub but listed as “solana” on […]

The post Beware Of Malicious Typosquat Package That Steals Your Secret Keys appeared first on Cyber Security News.

A Sinkclose vulnerability, which has been detected in AMD processors for decades, lets hackers obtain access to some of the most privileged areas of a computer. It allows malware to infiltrate a computer’s memory so deeply that, in many situations, it could be quicker to destroy the device than disinfect it. The vulnerability allows hackers […]

The post AMD Sinkclose Vulnerability Lets Attackers Most Privileged Portions Of a Computer appeared first on Cyber Security News.

Law enforcement has been attacking cyber threat actors for quite some time now. The FBI has taken down several servers belonging to multiple threat actors to disrupt their malicious operations. However, the FBI announced the Shutdown of a Ransomware group named “Radar/Dispossessor”. This ransomware group was reportedly run by a person who goes by the […]

The post FBI Shuts Down Dispossessor Ransomware Operations, Domains Dismantled appeared first on Cyber Security News.

A newly discovered vulnerability in the Common Log File System (CLFS.sys) driver of Windows has been identified, potentially affecting millions of devices running Windows 10, Windows 11, and various Windows Server versions. Tracked as CVE-2024-6768, this vulnerability allows a malicious authenticated low-privilege user to trigger a Blue Screen of Death (BSOD) through a forced call […]

The post CLFS Vulnerability Let Hackers Trigger BSOD Error On All Versions Of Windows 10 & 11 appeared first on Cyber Security News.

Hackers masquerading as the Security Service of Ukraine have compromised over 100 government systems. The Computer Emergency Response Team of Ukraine (CERT-UA) at the State Service of Special Communications and Information Protection (SSSCIP) reported the incident on August 12, highlighting the sophisticated tactics employed by the attackers. Malicious Emails Target Government Bodies The attack began […]

The post Hackers Posing as Security Service Compromised 100 Govt Systems appeared first on Cyber Security News.

Elon Musk, who owns the social media platform X (which used to be called Twitter), said that the platform was hit by a massive Distributed Denial-of-Service (DDoS) attack. This happened at the same time as a planned live interview with former President Donald Trump. The attack aimed to disrupt X’s services by overwhelming it with […]

The post Elon Musk Reports Massive DDoS Attack on X Amid Trump Interview appeared first on Cyber Security News.

Researchers have uncovered a sophisticated phishing marketplace, the ONNX Store, which provides cybercriminals with advanced tools to hijack Microsoft 365 accounts. Alarmingly, these tools include methods for bypassing two-factor authentication (2FA), a critical security measure that many organizations rely on to protect sensitive information. This discovery underscores the urgent need for corporate information security teams […]

The post ONNX Bot Tool Hijacks Microsoft 365 accounts & Even Bypass 2FA appeared first on Cyber Security News.

Criminal IP, an expanding Cyber Threat Intelligence (CTI) search engine from AI SPERA, has recently completed its technology integration with Maltego, a global all-in-one investigation platform that specializes in visualized analysis of combined cyber data. This collaboration integrates Criminal IP’s comprehensive database of malicious IPs, domains, and CVEs directly into Maltego’s unified user interface and […]

The post Criminal IP and Maltego Collaborate to Broaden Threat Intelligence Data Search appeared first on Cyber Security News.

In the beginning of August 2024, Sonos released a security advisory in which they fixed two security vulnerabilities that were associated with Remote Code Execution. These vulnerabilities have been assigned with CVE-2023-50810 and CVE-2023-50809.  These vulnerabilities were existing in Sonos One and Sonos Era-100 Bluetooth speakers which could allow a threat actor to record the […]

The post Sonos Smart Speaker Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

The threat landscape is significantly evolving, and cybersecurity researchers are continuously developing new security mechanisms to mitigate such evolving and sophisticated threats. Cybersecurity researchers Lloyd Fournier, Nick Farrow, and Robin Linus recently discovered a new Dark Skippy attack that enables hackers to steal secret keys from signing devices. While it was discovered on the 8th […]

The post New Dark Skippy Attack Let Hackers Steal Secret Keys From Signing Device appeared first on Cyber Security News.

Endpoint security tools are software applications that protect endpoints such as desktops, laptops, and mobile devices from cybersecurity threats. These tools secure entry points of end-user devices from being exploited by malicious actors. They commonly include features like antivirus, anti-malware, firewall policies, and intrusion detection systems. Modern endpoint security solutions may also incorporate advanced technologies […]

The post 10 Best Advanced Endpoint Security Tools – 2024 appeared first on Cyber Security News.