CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities are listed below –

CVE-2019-9874 (CVSS score: 9.8) – A deserialization vulnerability in the Sitecore.Security.AntiCSRF

The Hacker News

NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems

A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation.
SnapCenter is enterprise-focused software that’s used to manage data protection across applications, databases, virtual machines, and file systems, offering the ability to back up, restore, and clone data resources.

The vulnerability, tracked as

The Hacker News

Internet Archive (Archive.org) Goes Down Following “Power Outage”

The Internet Archive (Archive.org), home to the Wayback Machine, is temporarily offline due to a reported power outage.…

Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News

British company Advanced fined £3m by privacy regulator over ransomware attack

A business that provides IT services to numerous healthcare providers in the United Kingdom has been fined about $4 million by the country’s privacy regulator over a ransomware attack in 2022.

The Record from Recorded Future News

Security Expert Troy Hunt Lured in by Mailchimp Phish

Hunt quickly took to his blog to notify the public of the breach and provide further details on how this could have happened.

darkreading

Mike Waltz Left His Venmo Friends List Public

A WIRED review shows national security adviser Mike Waltz, White House chief of staff Susie Wiles, and other top officials left sensitive information exposed via Venmo—until WIRED asked about it.

Security Latest

Cybersecurity Gaps Leave Doors Wide Open

Attackers don’t always need to resort to sophisticated gambits to break and enter; organizations often make it easy for them to walk right in.

darkreading

Penetration Testing Services: Strengthening Cybersecurity Against Evolving Threats

Cybersecurity threats are evolving at an unprecedented pace, leaving organizations vulnerable to large-scale attacks. Security breaches and data…

Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News

OpenAI Offering $100K Bounties for Critical Vulnerabilities

OpenAI has raised its maximum bug bounty payout to $100,000 (up from $20,000) for high-impact flaws in its infrastructure and products.

SecurityWeek

SignalGate Isn’t About Signal

The Trump cabinet’s shocking leak of its plans to bomb Yemen raises myriad confidentiality and legal issues. The security of the encrypted messaging app Signal is not one of them.

Security Latest