Cisco has recently addressed a significant security vulnerabilit in its Unity Connection softwarey, identified as CVE-2024-20272. This flaw poses a critical risk as it allows unauthenticated attackers to gain root privileges on affected systems. The update is already available and is recommended for installation as soon as possible. Vulnerability in Cisco Unity Connection Allows for… Continue reading Cisco Unity Connection Vulnerability Enables Root Access
Tag: Cybersecurity
Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild
Ivanti issued an alert about its Connect Secure VPN appliances. Advanced threat actors are exploiting two zero-day vulnerabilities in cyberattacks, possibly including state-sponsored groups. That is yet another vulnerability in Ivanti software. Ivanti Connect Secure Zero-Day Exploited Ivanti, a prominent software company, recently issued a critical alert concerning its Connect Secure VPN appliances. These devices… Continue reading Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild
Water Curupira Hackers Spread PikaBot in Email Spam
Notorious group known as Water Curupira has unleashed a new wave of threats through their sophisticated malware, Pikabot. This menacing campaign, primarily spread through email spam, highlights an alarming escalation in cyber attacks. It targets unsuspecting victims with deceptive emails, leading to unauthorized access and potential data breaches. Water Curupira’s Email Spam Campaigns Water Curupira,… Continue reading Water Curupira Hackers Spread PikaBot in Email Spam
Apache OFBiz Vulnerability Exposes Millions of Systems
The cyber world has been rattled by the recent discovery of a critical zero-day vulnerability in Apache OFBiz, known as CVE-2023-51467. Researchers at SonicWall unveiled this flaw, which poses a significant threat by enabling attackers to bypass authentication and carry out a Server-Side Request Forgery (SSRF). The vulnerability is severe, with a CVSS score of… Continue reading Apache OFBiz Vulnerability Exposes Millions of Systems
YouTube Videos Promote Software Cracks With Lumma Stealer
Researchers have discovered a cybersecurity threat that targets users through YouTube videos. These videos offer pirated software but are being used to distribute malware, specifically Lumma stealer. YouTube Videos Promoting Malware Concerning a development in the cybersecurity world, researchers have identified a new threat targeting freeloaders via YouTube videos. These videos are seemingly harmless and… Continue reading YouTube Videos Promote Software Cracks With Lumma Stealer
Two Adobe ColdFusion Vulnerabilities Exploited in The Wild
Two vulnerabilities in Adobe ColdFusion are exploited in real-world attacks, the Cybersecurity & Infrastructure Security Agency (CISA) warns. Both issues are related to the possibility of arbitrary code execution, caused by poor validation of deserialized data. Adobe released patches for both of these vulnerabilities back in mid-July 2023, when they were originally detected. ColdFusion ACE… Continue reading Two Adobe ColdFusion Vulnerabilities Exploited in The Wild
Tortilla (Babuk) Ransomware Decryptor Available
On January 9, 2024, Avast and Cisco Talos announced the release of a free decryptor for one of the Babuk ransomware variants – Tortilla. Analysts ensure that all the victims of the said threat actor can use the decryptor to get their files back. That is the second ransomware strain to get the decryptor in… Continue reading Tortilla (Babuk) Ransomware Decryptor Available
xDedic Marketplace Members Detained In International Operations
The infamous xDedic Marketplace, known for its illicit trade in compromised computers and personal data, has been effectively dismantled. 19 persons related to the marketplace were detained. The overall operation is the result of joint effort of law enforcement from 11 countries. xDedic’s Actors Face US Courts Although the actual seizure of xDedic happened almost… Continue reading xDedic Marketplace Members Detained In International Operations
Verified X/Twitter Accounts Hacked to Spread Cryptoscams
The trend of hacking official accounts to promote cryptocurrency fraud is gaining momentum. Over the past week, researchers have discovered an abnormal number of such incidents. X/Twitter Crypto Scams From Verified Accounts Today, we are witnessing an unpleasant trend: hackers increasingly target verified Twitter accounts. To be more specific, this refers to individuals who are… Continue reading Verified X/Twitter Accounts Hacked to Spread Cryptoscams
SMTP Smuggling is a New Threat to Email Security
A new SMTP Smuggling technique reportedly has the potential to bypass existing security protocols. Also it can enable attackers to send spoofed emails from seemingly legitimate addresses. This may breathe new life into email spam, despite its efficiency not decreasing throughout the last time. What is SMTP Smuggling? SMTP smuggling is a novice exploitation technique… Continue reading SMTP Smuggling is a New Threat to Email Security