Aggregator

CVE-2024-47055 | Mautic up to 5.2.5/6.0.1 Segment Cloning authorization (GHSA-vph5-ghq3-q782)

VulDB Recent Entries
10 months 3 weeks ago
A vulnerability was found in Mautic up to 5.2.5/6.0.1. It has been rated as problematic. This issue affects some unknown processing of the component Segment Cloning. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-47055. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-47056 | Mautic up to 6.0.1/5.2.5/4.4.15 env Configuration File cleartext storage (GHSA-h2wg-v8wg-jhxh)

VulDB Recent Entries
10 months 3 weeks ago
A vulnerability classified as problematic has been found in Mautic up to 6.0.1/5.2.5/4.4.15. Affected is an unknown function of the component env Configuration File Handler. The manipulation leads to cleartext storage of sensitive information. This vulnerability is traded as CVE-2024-47056. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-38341 | IBM Sterling Secure Proxy up to 6.0.3.1/6.1.0.1/6.2.0.1 weak hash

VulDB Recent Entries
10 months 3 weeks ago
A vulnerability was found in IBM Sterling Secure Proxy up to 6.0.3.1/6.1.0.1/6.2.0.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to use of weak hash. This vulnerability was named CVE-2024-38341. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Qilin

Dark Feed IO
10 months 3 weeks ago

You must login to view this content

cohenido

How Can We Solve the 'Insane' Deepfake Video Problem?

Ransomware DataBreachToday.com
10 months 3 weeks ago
Google Is Getting Accolades for Veo 3, But the AI Video Tool Has a Darker Side
AI enthusiasts are saying Veo 3 is one of Google's best products. The mind-blowing AI constructs cinematic video clips from text prompts, and the results look real. Veo 3 pushes deepfake capabilities into uncharted territory and introduces new threats to truth, trust and authenticity.

95% of Organizations Lack a Quantum Computing Strategy

Ransomware DataBreachToday.com
10 months 3 weeks ago
ISACA Survey: 51% See Cyber Risk Hike; 46% Expect Regulatory, Compliance Challenges
Quantum technology is still emerging, but experts warn that failing to act now could jeopardize future data security. To safeguard tomorrow's information, organizations must start developing a post-quantum cryptography strategy and upskill their workforce today.

Zscaler Buys Red Canary to Elevate AI-Driven Threat Response

Ransomware DataBreachToday.com
10 months 3 weeks ago
Red Canary Purchase Aims to Deliver Agentic AI-Powered Security Operations at Scale
Zscaler's buy of Red Canary will unify its cloud-based security infrastructure with Red Canary's MDR insights, giving rise to a next-gen SOC built on automation, AI, and rapid detection expertise. The integration will support a proactive SOC experience powered by AI workflows and security expertise.

Implementing Secure by Design Principles for AI

darkreading
10 months 3 weeks ago
Harnessing AI's full transformative potential safely and securely requires more than an incremental enhancement of existing cybersecurity practices. A Secure by Design approach represents the best path forward.
Diana Kelley

Czech Republic accuses China’s APT31 of a cyberattack on its Foreign Ministry

Security Affairs
10 months 3 weeks ago
The Czech government condemned China after linking cyber espionage group APT31 to a cyberattack on its critical infrastructure. The Czech government strongly condemned China after the cyber espionage group APT31 was linked to a cyberattack targeting the nation’s critical infrastructure. The Czech government condemned China after APT31 hackers infiltrated a ministry’s unclassified system in 2022 […]
Pierluigi Paganini

Pakistan Arrests 21 in ‘Heartsender’ Malware Service

Krebs on Security
10 months 3 weeks ago
Authorities in Pakistan have arrested 21 individuals accused of operating "Heartsender," a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified by KrebsOnSecurity in 2021 after they inadvertently infected their computers with malware.
BrianKrebs

Zanubis Android Malware Harvests Banking Credentials and Executes Remote Commands

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
10 months 3 weeks ago

The Zanubis Android banking Trojan has evolved into a highly sophisticated threat, initially targeting financial institutions in Peru before expanding its scope to virtual cards and cryptocurrency wallets. This malware, known for impersonating legitimate Peruvian Android apps, tricks users into granting accessibility permissions, thereby enabling extensive data theft and remote control capabilities. Evolution of a […]

The post Zanubis Android Malware Harvests Banking Credentials and Executes Remote Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

3 SOC Metrics Improved With Sandbox Analysis 

Cyber Security News
10 months 3 weeks ago

SOC teams are flooded with alerts, but what really matters is how quickly they can detect, investigate, and respond. When traditional tools fall short, sandbox analysis offers a clear view into real threat behavior, helping teams cut through the noise and take action faster.   Let’s take a look at the key SOC metrics that see […]

The post 3 SOC Metrics Improved With Sandbox Analysis  appeared first on Cyber Security News.

Balaji N

Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore

The Hackers News
10 months 3 weeks ago
An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware. Sina Gholinejad (aka Sina Ghaaf), 37, and his co-conspirators are said to have breached the computer networks of various organizations in the United States and encrypted files with Robbinhood ransomware to demand Bitcoin ransom payments.
The Hacker News

Managed ad