Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems.
“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted

The Hacker News

150K+ UAE Network Devices & Apps Found Exposed Online

Misconfigurations, insecure services leave United Arab Emirates organizations and critical infrastructure vulnerable to a bevy of cyber threats.

darkreading

DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack

A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers.
“During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass

The Hacker News

Magnet Goblin Exploits 1-Day Bugs, Deploys Nerbian RAT

The threat actor group Magnet Goblin is rapidly exploiting newly disclosed vulnerabilities to target public-facing servers and edge devices, warned Check Point. This particular instance was an Ivanti Connect Secure exploitation campaign that resulted in the deployment of a Linux version of a malware called NerbianRAT and a JavaScript credential stealer named WARPWIRE. Exploiting 1-day vulnerabilities, this group’s attacks on public-facing servers underscore the critical importance of timely patching and continuous monitoring to protect against sophisticated cyber threats.

Cyware News – Latest Cyber News

ChatGPT Spills Secrets in Novel PoC Attack

Research is latest in a growing body of work to highlight troubling weaknesses in widely used generative AI tools.

darkreading

Anthropic releases Claude 3 Haiku, an AI model built for speed and affordability

Anthropic launches Claude 3 Haiku, the fastest and most affordable AI model in its class, featuring advanced vision capabilities and enterprise-grade security for high-volume, latency-sensitive applications.

Security News | VentureBeat

LockBit Affiliate Sentenced to 4 Years in Canada, Faces Extradition

By Deeba Ahmed

Mikhail Vasiliev, a Russian-Canadian citizen, faces four years in a Canadian prison and is likely to be extradited to the US after completing his sentence.

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News