Cyber Security News

Two vulnerabilities have been discovered in BIG-IP, which are associated with Insufficient Session Fixation and Expired Pointer Dereference. These vulnerabilities have been assigned to CVE-2024-39809 and CVE-2024-39792, and the severity was given as 7.5 (High). Moreover, these vulnerabilities were affecting BIG-IP Next Central Manager and NGINX MQTT (Message Queuing Telemetry Transport). F5 has addressed these […]

The post Multiple F5 Flaws Let Attackers Login With User Session & Cause DoS Attack appeared first on Cyber Security News.

BlindEagle (APT-C-36) is a Latin American Advanced Persistent Threat group that has been active since 2018. It targets the governmental, financial, and energy sectors in Colombia, Ecuador, Chile, Panama, and other regional countries.  BlindEagle is known for employing straightforward yet impactful techniques; the group demonstrates versatility in switching between financially motivated attacks and espionage operations. […]

The post New APT Group BlindEagle Attacking Multiple Organizations Via Weaponized Emails appeared first on Cyber Security News.

A severe security flaw has been discovered in GiveWP, a popular WordPress donation plugin with over 100,000 active installations. The vulnerability, classified as an unauthenticated PHP Object Injection leading to Remote Code Execution (RCE), was responsibly reported through the Wordfence Bug Bounty Program on May 26th, 2024. The critical vulnerability, assigned CVE-2024-5932 with a CVSS […]

The post Critical WordPress Plugin RCE Vulnerability Impacts 100k+ Sites appeared first on Cyber Security News.

The Raspberry Pi Foundation has unveiled a new addition to its popular single-board computer lineup – the Raspberry Pi 5 2GB model, priced at an affordable $50. This latest offering continues the foundation’s mission to make high-performance computing accessible to a wider audience. The new 2GB variant is built on a cost-optimized D0 stepping of […]

The post Raspberry Pi Foundation Launches 2GB Variant for Just $50 appeared first on Cyber Security News.

The Federal Bureau of Investigation (FBI), in collaboration with the Office of the Director of National Intelligence (ODNI) and the Cybersecurity and Infrastructure Security Agency (CISA), has confirmed that Iranian hackers were responsible for a recent cyberattack targeting former President Donald Trump’s campaign. This revelation underscores the ongoing threat of foreign interference in U.S. elections, […]

The post FBI Investigation Confirms that Iran Hackers Behind Trump Campaign Hack appeared first on Cyber Security News.

A proof-of-concept (PoC) exploit has been publicly released for a pair of critical zero-day vulnerabilities in Microsoft Windows that enable a novel “downgrade attack.” The flaws tracked as CVE-2024-38202 and CVE-2024-21302 were originally disclosed by SafeBreach researcher Alon Leviev at Black Hat USA 2024 and DEF CON 32 earlier this month. The vulnerabilities allow an […]

The post PoC Exploit Released for Windows 0-Day Downgrade Attack appeared first on Cyber Security News.

Mandiant recently disclosed a critical vulnerability in Microsoft Azure Kubernetes Services (AKS) that could have allowed attackers to escalate privileges and access sensitive credentials within affected clusters. The vulnerability impacted AKS clusters using “Azure CNI” for network configuration and “Azure” for network policy. An attacker with command execution in a Pod running within a vulnerable […]

The post Azure Kubernetes Services Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

A critical vulnerability tracked as CVE-2024-7646, has been uncovered in the widely used ingress-nginx Kubernetes controller. The flaw allows attackers to bypass annotation validation, poses a significant risk to Kubernetes clusters, and demands immediate attention from security teams and cluster administrators. Security researcher André Storfjord Kristiansen (@dev-bio on GitHub) discovered the vulnerability in the way […]

The post New Kubernetes Vulnerability Allows Attackers to Access Clusters Remotely appeared first on Cyber Security News.

The popular flight-tracking website FlightAware discovered a configuration error that exposed the sensitive personal information of its users. The data leak included user IDs, passwords, and email addresses, and depending on the information provided by users may have also exposed full names, billing and shipping addresses, IP addresses, social media accounts, telephone numbers, birth years, […]

The post FlightAware Data Leak Exposes Users’ Personal Information appeared first on Cyber Security News.

Cisco Talos has identified eight security vulnerabilities in Microsoft applications running on the macOS operating system, raising concerns about potential exploitation by adversaries. These vulnerabilities, if exploited, could allow attackers to hijack the permissions and entitlements of Microsoft applications, leading to unauthorized access to sensitive resources such as microphones, cameras, and user data. The vulnerabilities […]

The post Microsoft macOS Apps Vulnerability Allows Hackers to Record Audio/Video appeared first on Cyber Security News.

A recent analysis of a security vulnerability in Microsoft’s Secure Channel revealed a critical flaw that could be exploited for remote code execution. The vulnerability was initially identified as an integer overflow issue. However, further investigation determined it to be a Use-After-Free (UAF) vulnerability. This type of vulnerability occurs when a program continues to use […]

The post Windows Secure Channel RCE Vulnerability Let Attackers Inject Malicious Files Remotely appeared first on Cyber Security News.

Toyota’s U.S. branch has reportedly suffered a massive data breach, resulting in the unauthorized release of approximately 240 GB of sensitive information. The breach, allegedly perpetrated by the notorious hacker group ZeroSevenGroup, has exposed a wide array of data, posing serious security risks for the automotive giant and its stakeholders. Details of the Breach According […]

The post TOYOTA Data Breach – Hackers Group Leaked 240 GB of Data Online appeared first on Cyber Security News.

AI SPERA, a leading Cyber Threat Intelligence (CTI) company, has announced a strategic partnership with Hackers Central, a major cybersecurity management service provider in Mexico. The announcement marks a significant step in AI SPERA’s strategy to broaden its international footprint. Hackers Central, a prominent cybersecurity management firm in Mexico, offers comprehensive security services including vulnerability […]

The post AI SPERA and Hackers Central Partner to Expand Mexico’s Security Market with ‘Criminal IP ASM’ appeared first on Cyber Security News.

Recently cybersecurity researchers at Check Point discovered a new malware dubbed “Styx Stealer,” capable of stealing browser and instant messenger data. Threat actors often exploit stealers, enabling them to secretly gather sensitive information from the compromised systems. While the types of information they steal via stealers include personal credentials, financial data, and passwords.  The stolen […]

The post Beware! Styx Stealer Malware Stealing Browser & Instant Messenger Data appeared first on Cyber Security News.

Hackers have found a way to exploit email URL rewriting features, a tool initially designed to protect users from phishing threats. This new tactic has raised alarms among security experts, turning a protective measure into a vulnerability. URL rewriting is a security feature employed by email security vendors to protect users from malicious links embedded […]

The post Hackers Exploit Email URL Rewriting to Insert Phishing Links appeared first on Cyber Security News.

A complex large-scale campaign was detected by Unit 42 researchers that manipulated and extorted several organizations using cloud systems.  Security analysts discovered that this massive large-scale cyber attack on AWS targets over 230 million unique cloud environments. The attackers crafted a smart tactic of exploiting exposed environment variable (.env) files on cloud infrastructures. These .env […]

The post Massive Cyber Attack On AWS Targets 230 Million Unique Cloud Environments appeared first on Cyber Security News.

Copilot Autofix is a newly launched feature of the GitHub Advanced Security (GHAS) and this feature was designed to make it easier for users to discover and fix code vulnerabilities. AI tools are revolutionizing the cybersecurity landscape by enhancing several major factors like threat detection, automating processes, and providing valuable insights to combat sophisticated cyber […]

The post Copilot Autofix – A GitHub AI Tools Now Analyse Vulnerabilities And Fix It Automatically appeared first on Cyber Security News.

Researchers uncovered a vulnerability in the Linux kernel’s dmam_free_coherent() function, which stems from a race condition caused by the improper order of operations when freeing DMA (Direct Memory Access) allocations and managing associated resources. This vulnerability can lead to system instabilities and malfunctions, as DMA is crucial for allowing hardware devices to transfer data directly […]

The post Linux Kernal Vulnerability Let Attackers Bypass CPU & Write on Memory appeared first on Cyber Security News.

A new malware strain known as “QWERTY Info Stealer” has emerged. It targets Windows systems with advanced anti-debugging techniques and data exfiltration capabilities. This malware is hosted on the domain mailservicess[.]com, represents a significant threat to individuals and organizations. Our comprehensive analysis illuminates its technical aspects, including its anti-debugging strategies, data collection methods, and interaction […]

The post QWERTY Info Stealer Employed Anti-Debugging Techniques to Exfiltrate Data from Windows appeared first on Cyber Security News.

The “Weekly Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & More” provides a comprehensive overview of the latest developments in the cybersecurity landscape. Each edition highlights significant data breaches, emerging vulnerabilities, and notable cyber attacks, offering insights into the evolving threats that organizations face. By staying informed through this newsletter, readers can […]

The post Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & Other Stories appeared first on Cyber Security News.