-
Google Cloud mandates MFA by end of 2025
Google Cloud on Nov. 4 told the business community that it plans to implement mandatory multi-factor authentication (MFA) in three phases …
-
Increasing Awareness of DNS Hijacking: A Growing Cyber Threat
A recent report from Palo Alto Networks’s Unit 42 exposes the persistent and evolving threat of DNS hijacking, a stealthy tactic …
-
AI-Assisted Attacks Top Cyber Threat For Third Consecutive Quarter, Gartner Finds
For the third consecutive quarter, Gartner has found that cyber attacks staged using artificial intelligence are the biggest risk for …
-
Cybercrooks are targeting Bengal cat lovers in Australia for some reason
Fresh from a series of serious reports detailing its five-year battle with Chinese cyberattackers, Sophos has dropped a curious story about …
-
Broadcom Expands VCF 9 Private Cloud Capabilities with Agility and Security
Broadcom has set its sights on enhancing VCF to create a highly integrated private cloud platform that provides public cloud scalability …
-
Updated Strela Stealer malware hits Germany, Spain
Malicious emails purporting to be invoices that contain ZIP attachments have been delivered to facilitate the execution of a …
-
New Army Cyber Command AI tool shows promise in bolstering Pentagon network defenses
Aside from enabling simultaneous network risk evaluations and threat intelligence delivery, Panopticon Junction has also allowed …
-
CrowdStrike acquires cloud security provider Adaptive Shield
that the transaction is worth $300 million, more than six times the amount that Adaptive Shield has raised from investors. The company …
-
Scammers Target BASE and Ethereum with Political Meme Coins and Rug Pulls
Trugard Labs has revealed a series of major threats plaguing blockchain networks, particularly in emerging and fast-growing chains like …
-
Ransomware landscape dominated by RansomHub
Play, Qilin, Medusa, and LockBit — which was the dominant ransomware operation in 2022 and 2023 before being subjected to law enforcement …
-
Dstat.cc DDoS platform disrupted in global crackdown
Pro-Russian hacktivist operations Killnet and Passion have leveraged Dstat.cc to promote their DDoS attack capabilities, with the latter …
-
US jails real estate phisher
The U.S. Department of Justice announced that Nigerian hacker Kolade Akinwale Ojelade has been sentenced to more than 26 years imprisonment …
●●●
NVD
- CVE-2024-51736 – Symphony process is a module for the Symphony PHP framework which executes commands in …
- CVE-2024-34673 – Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows …
- CVE-2024-10028 – The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin …
- CVE-2024-10647 – The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress …
- CVE-2024-34674 – Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical …
EXPLOITS
- openSIS 9.1 – SQLi (Authenticated)
- reNgine 2.2.0 – Command Injection (Authenticated)
- dizqueTV 1.5.3 – Remote Code Execution (RCE)
- Invesalius3 – Remote Code Execution
- NoteMark < 0.13.0 - Stored XSS
SECURELIST
- New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptoc
- Loose-lipped neural networks and lazy scammers
- Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses
- Lumma/Amadey: fake CAPTCHAs want to know if you’re human
- The Crypto Game of Lazarus APT: Investors vs. Zero-days