Recent SolarWinds Serv-U Vulnerability Exploited in the Wild

Threat actors are exploiting a recent path traversal vulnerability in SolarWinds Serv-U using public PoC code.

SecurityWeek

Personal and Chemical Facility Information Potentially Accessed in CISA Hack

CISA says CFATS program data was likely accessed after an Ivanti Connect Secure appliance was hacked in January.

SecurityWeek

Oyster Backdoor Spreading via Trojanized Popular Software Downloads

A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader).
That’s according to findings from Rapid7, which identified lookalike websites hosting the malicious payloads that users are redirected to after searching for them on search engines like Google and Bing.
The

The Hacker News

SolarWinds Serv-U Vulnerability Under Active Attack – Patch Immediately

A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild.
The vulnerability, tracked as CVE-2024-28995 (CVSS score: 8.6), concerns a directory traversal bug that could allow attackers to read sensitive files on the host machine.
Affecting all versions of the software prior to and including Serv-U 15.4.2

The Hacker News

How to Study Ethical Hacking as a Beginner

Immersing yourself in best practices for ethical hacking, pen-testing and information security can set you up for a career or better-protected business.

Security | TechRepublic

Can AI detectors save us from ChatGPT? I tried 6 online tools to find out

With the sudden arrival of ChatGPT, educators and editors face a worrying surge of automated content submissions. We look at the problem and what can be done about it.

Latest stories for ZDNET in Security

Disruptions at Many Car Dealerships Continue as CDK Hack Worsens

Car dealership software provider CDK Global was in the process of restoring services impacted by a cyberattack when it discovered an additional hack.

SecurityWeek

U.S. Bans Kaspersky Software, Citing National Security Risks

The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) on Thursday announced a “first of its kind” ban that prohibits Kaspersky Lab’s U.S. subsidiary from directly or indirectly offering its security software in the country.
The blockade also extends to the cybersecurity company’s affiliates, subsidiaries and parent companies, the department said, adding the action is based on

The Hacker News

Change Healthcare to Start Notifying Customers Who Had Data Exposed in Cyberattack

Change Healthcare is starting to notify hospitals, insurers and other customers that they may have had patient information exposed in a massive cyberattack.

SecurityWeek

Haize Labs is using algorithms to jailbreak leading AI models

CEO Leonard Tang tells VentureBeat the Haize Suite is a collection of algorithms specifically designed to probe large language models.

Security News | VentureBeat