Update: PoC Exploit Released for Unauthenticated RCE in Veeam Backup & Replication

Security researcher Sina Kheirkhah has published a PoC exploit for CVE-2024-40711 in Veeam Backup & Replication, a critical vulnerability with a CVSS score of 9.8. The flaw allows unauthenticated RCE, posing a threat to enterprise environments.

Cyware News – Latest Cyber News

US Disrupts ‘Raptor Train’ Botnet of Chinese APT Flax Typhoon

The US government has announced the disruption of Raptor Train, a Flax Typhoon botnet powered by hacked consumer devices.

SecurityWeek

GitLab Releases Critical Security Patch for CVE-2024-45409 (CVSS 10) Vulnerability

GitLab has released a critical security patch for the CVE-2024-45409 vulnerability (CVSS 10). It impacts both GitLab Community Edition (CE) and Enterprise Edition (EE) and originates from the Ruby-SAML library used for SAML authentication.

Cyware News – Latest Cyber News

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass.
The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week.
The

The Hacker News

Craig Newmark pledges $100M to fight hacking by foreign governments

Craigslist founder Craig Newmark plans to donate $100 million to further strengthen U.S. cybersecurity, addressing what he sees as a growing threat from foreign governments, he tells the WSJ. Half the funds will focus on protecting power grids and other infrastructure from cyberattacks; half will be earmarked to educate people about so-called cybersecurity hygiene.  Newmark, […]

Security News | TechCrunch

FBI Dismantles Chinese-Linked Botnet of 260,000 IoT Devices

The FBI, in collaboration with U.S. government agencies, dismantled a Chinese state-backed botnet known as Flax Typhoon, comprising…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

Everything you need to know about VPN tracking

A VPN (Virtual Private Network) adds privacy and security to your browsing. But does this make your internet…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

Fal.Con 2024: CrowdStrike unveils resilient-by-design framework to bolster global cybersecurity

“It’s not only about bouncing back – it’s about staying ahead through a culture of resilience,” Kurtz emphasized during his keynote.

Security News | VentureBeat

Contractor Software Targeted via Microsoft SQL Server Loophole

By accessing the MSSQL, threat actors gain admin-level access to the application, allowing them to automate their attacks.

darkreading

Packed With Features, ‘SambaSpy’ RAT Delivers Hefty Punch

Thought to be Brazilian in origin, the remote access Trojan is the “perfect tool for a 21st-century James Bond.”

darkreading