Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are listed below –

CVE-2017-3066 (CVSS score: 9.8) – A deserialization vulnerability impacting

The Hacker News – ​Read More

$1.5B Hack of Bybit Might Be the Largest Crypto Heist Ever

Get details about how this cryptocurrency heist happened, and what Bybit’s CEO has said about it.

Security | TechRepublic – ​Read More

Zero-Day Bug Pops Up in Parallels Desktop for Mac

A patch bypass for a bug in the popular desktop emulator enables root-level privilege escalation and has no fix in sight.

darkreading – ​Read More

Australia Latest Domino to Fall in Gov’t Kaspersky Bans

This move comes less than a year after the United States banned Kaspersky products, out of the same fear that the company is under Russian government control.

darkreading – ​Read More

Hackers pose as e-sports gamers online to steal cryptocurrency from Counter-Strike fans

Cybercriminals are exploiting major e-sports tournaments to target players of the popular video game Counter-Strike 2 (CS2), researchers have found.

The Record from Recorded Future News – ​Read More

DOGE’s HR email is getting the ‘Bee Movie’ spam treatment

Over the weekend, Elon Musk surveyed his followers on X — the platform he spent $44 billion to buy — asking whether federal employees should be required to send his team an email with a list of five things they accomplished this week. With the yes votes totaling over 70%, Musk followed through. Federal employees […]


Security News | TechCrunch – ​Read More

Botnet of 130K Devices Targets Microsoft 365 in Password-Spraying Attack

A botnet of 130,000 devices is launching a password-spraying attack on Microsoft 365, bypassing MFA and exploiting legacy authentication to access accounts.

Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – ​Read More

DeepSeek’s ByteDance Data-Sharing Raises Fresh Security Concerns

Confirmation by South Korea’s data protection agency that the AI chatbot sent data to TikTok’s Chinese parent company has spurred a ban in that nation, and is again calling into question DeepSeek’s safety.

darkreading – ​Read More

Could the Plot of Netflix’s ‘Zero Day’ Occur IRL?

A new streaming series about a catastrophic, nationwide cyberattack against US critical infrastructure is about as believable as its main character: an honest, bipartisan, universally beloved politician.

darkreading – ​Read More

North Korea’s Lazarus hackers behind $1.4 billion crypto theft from Bybit, researchers say

Cybersecurity researchers say North Korean hackers are behind the largest cryptocurrency heist in history and are actively laundering the more than $1.4 billion in cryptocurrency stolen from the Bybit exchange on Friday.

The Record from Recorded Future News – ​Read More