37 Vulnerabilities Patched in Android

/in

Android’s June 2024 security update resolves 37 vulnerabilities, including high-severity flaws in Framework and System.

The post 37 Vulnerabilities Patched in Android appeared first on SecurityWeek.

SecurityWeek – ​Read More

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

/in

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve.
The updates have been observed in version 6 of DarkGate released in March 2024 by its developer RastaFarEye, who

The Hacker News – ​Read More

Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

/in

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an operating system (OS) command injection vulnerability that could be exploited to obtain unauthorized

The Hacker News – ​Read More

Atlassian Confluence High-Severity Bug Allows Code Execution

/in

Because of the role the Confluence Server plays in managing documentation and knowledge data bases, the researchers recommend users upgrade to patch CVE-2024-21683 as soon as possible.

darkreading – ​Read More

Ways iOS Sideloading Can Be More Secure

/in

Sideloading apps is now possible on iOS devices, forcing Apple to add some security features in an attempt to mitigate the dangers of loading unknown apps.

darkreading – ​Read More

Europol’s Hunt Begins for Emotet Malware Mastermind

/in

International law enforcement Operation Endgame shifts its crackdown to focus on individual adversaries.

darkreading – ​Read More

Russia Aims Cyber Operations at Summer Olympics

/in

As always, Russian APTs are hoping to foment unrest by stoking existing societal divides and fears, this time around the Olympics and EU politics; and, concerns remain around physical disruption.

darkreading – ​Read More

Ticketmaster Confirms Cloud Breach, Amid Murky Details

/in

Ticketmaster parent Live Nation has filed a voluntary SEC data breach notification, while one of its cloud providers, Snowflake, also confirmed targeted cyberactivity against some of its customers.

darkreading – ​Read More