Attackers are leveraging Follina. What can you do?
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a variety of campaigns. A complex vulnerability Microsoft has described CVE-2022-3.....»»
Hackers Could Use ChatGPT to Target 2024 Elections
The rise of generative AI tools has increased the potential for a range of attackers to disrupt elections around the world The rise of generative AI tools like ChatGPT has increased the potential for a wide range of attackers to ta.....»»
VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)
VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities hav.....»»
Quantum dark states lead to an advantage in noise reduction
While atomic clocks are already the most precise timekeeping devices in the universe, physicists are working hard to improve their accuracy even further. One way is by leveraging spin-squeezed states in clock atoms......»»
RCE vulnerabilities fixed in SolarWinds enterprise solutions
SolarWinds has released updates for Access Rights Manager (ARM) and (Orion) Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations. SolarWinds ARM flaws fixed SolarWinds, the company whose Orion IT ad.....»»
Unlocking Mobile Success with Five Must-Have Traits in Mobile Analytics Tools
In today’s digital age, mobile apps have become the cornerstone of business success. As such, leveraging the right mobile analytics tools is not just an option; it’s a necessity. These tools empower businesses to understand user behavior,.....»»
Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE.....»»
All RTX GPUs now come with a local AI chatbot. Is it any good?
Nvidia is taking a swing at making its own AI chatbot by leveraging the power of RTX GPUs -- but it still has some serious quirks......»»
Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770)
CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Ab.....»»
Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893)
Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog. CVE-2024-21893 patches and exploitation I.....»»
Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)
CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893 CVE-2024-21893 allows a attac.....»»
Critical vulnerability affecting most Linux distros allows for bootkits
Buffer overflow in bootloader shim allows attackers to run code each time devices boot up. Enlarge Linux developers are in the process of patching a high-severity vulnerability that, in certain cases, allows the install.....»»
How much is Spotify Premium, and can you get it for free?
Whether signing up as a student, splitting a family plan, or leveraging limited-time deals, there are several ways to get Spotify Premium at a discount......»»
Qualys enhances CyberSecurity Asset Management to discover risky unmanaged devices
Qualys is expanding Qualys CyberSecurity Asset Management (CSAM) to identify unmanaged and untrusted devices in real-time. Leveraging the Qualys Cloud Agent to continuously monitor the network, this passive discovery method complements scans, agents,.....»»
PoC for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)
Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based.....»»
Venafi Stop Unauthorized Code Solution reduces attack surface
Venafi introduced its new Stop Unauthorized Code Solution, designed to help security teams proactively prevent unauthorized code across any operating environment. By leveraging the combined power of Venafi’s CodeSign Protect product, trusted team o.....»»
Veriti Odin utilizes AI algorithms to detect and analyze threats
Veriti launched its AI powered contextual cybersearch solution, Veriti Odin. Leveraging advanced AI architecture, Odin is designed to optimize and elevate the way businesses approach cybersecurity, creating certainty that solutions are deployed corre.....»»
Attackers can steal NTLM password hashes via calendar invites
A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev.....»»
Study analyzes differences among lone, pair and group terror attackers
Analysis of more than 140 individuals convicted of extremist offenses in England and Wales has revealed how terrorists who act alone, in pairs, or in a group differ in background, social influence and activity......»»
Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot
Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning. The attackers asks for a small sum to return / not publish the data, but those who.....»»
VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)
A critical vulnerability (CVE-2023-34063) affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and workflows, VMware has warned. The company is not aware of any “in th.....»»