Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

/in

The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code.
The most severe of the vulnerabilities are listed below –

CVE-2024-25641 (CVSS score: 9.1) – An arbitrary file write vulnerability in the “Package Import” feature that

The Hacker News – ​Read More

Hacker Conversations: Ron Reiter, and the Making of a Professional Hacker

/in

Ron Reiter was a childhood hacker in Israel. He was recruited into the IDF’s elite Unit 8200 for his military service. Now he is CTO and co-founder of cybersecurity firm Sentra.

The post Hacker Conversations: Ron Reiter, and the Making of a Professional Hacker appeared first on SecurityWeek.

SecurityWeek – ​Read More

Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks

/in

Threat actors are using DNS tunneling to track victims’ interaction with spam and to scan network infrastructures.

The post Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks appeared first on SecurityWeek.

SecurityWeek – ​Read More

Google Patches Second Chrome Zero-Day in One Week

/in

Google has patched CVE-2024-4761, the second exploited vulnerability addressed by the company within one week.

The post Google Patches Second Chrome Zero-Day in One Week appeared first on SecurityWeek.

SecurityWeek – ​Read More

6 Mistakes Organizations Make When Deploying Advanced Authentication

/in

Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not yet be in that spot or have the needed level of authentication sophistication to adequately safeguard organizational data. When deploying

The Hacker News – ​Read More

Ongoing Campaign Bombarded Enterprises with Spam Emails and Phone Calls

/in

Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation.
“The incident involves a threat actor overwhelming a user’s email with junk and calling the user, offering assistance,” Rapid7 researchers Tyler McGraw, Thomas Elkins, and

The Hacker News – ​Read More

Mallox Ransomware Deployed via MS-SQL Honeypot Attack

/in

Upon analyzing Mallox samples, researchers identified two distinct affiliates using different approaches. One focused on exploiting vulnerable assets, while the other aimed at broader compromises of information systems on a larger scale.

Cyware News – Latest Cyber News – ​Read More

Google is planning on a fix to prevent accidental password deletion in Chrome

/in

A default Google Chrome setting in Android could delete credentials saved in the Password Manager. But a potential fix is on the way.

Latest stories for ZDNET in Security – ​Read More

Student, Personnel Information Stolen in City of Helsinki Cyberattack

/in

The City of Helsinki says usernames, email addresses, and personal information was stolen in a recent cyberattack.

The post Student, Personnel Information Stolen in City of Helsinki Cyberattack appeared first on SecurityWeek.

SecurityWeek – ​Read More

FCC Reveals Royal Tiger, its First Tagged Robocall Threat Actor

/in

The FCC’s new robocall bad actor classification system, called Consumer Communications Information Services Threat (C-CIST), aims to help authorities identify and track threat actors abusing telecommunications infrastructure.

Cyware News – Latest Cyber News – ​Read More