Hardware Supply Chain Threats Can Undermine Endpoint Infrastructure

To prevent this, organizations should focus on developing secure hardware and firmware foundations, enabling them to manage, monitor, and remediate hardware and firmware security.

darkreading – ​Read More

Update: Hackers Target Apache OFBiz RCE Flaw CVE-2024-45195 After PoC Exploit Released

Hackers are targeting an RCE vulnerability (CVE-2024-45195) in Apache OFBiz after the release of a Proof of Concept (PoC) exploit. Malicious requests have been detected, with attacks focusing on the financial services industry and business sectors.

Cyware News – Latest Cyber News – ​Read More

Two Critical RCE Flaws Discovered in Docker Desktop

Two critical remote code execution (RCE) flaws, identified as CVE-2024-8695 and CVE-2024-8696, have been uncovered in Docker Desktop, a popular tool for containerized application development.

Cyware News – Latest Cyber News – ​Read More

Chinese-speaking Hackers Linked to DragonRank SEO Manipulator Service

By exploiting web app services, the attackers deploy a web shell to launch malware and gather credentials, compromising IIS servers to spread the BadIIS malware. The malware facilitates proxy ware and SEO fraud by manipulating search engine rankings.

Cyware News – Latest Cyber News – ​Read More

Adobe Completes Fix for Reader Bug with Known PoC Exploit

Adobe has completed a fix for a critical bug in Reader with a known Proof of Concept (PoC) exploit for CVE-2024-41869. The update also addresses another critical flaw, CVE-2024-45112, in various versions of Acrobat and Reader.

Cyware News – Latest Cyber News – ​Read More

New Linux Malware “Hadooken’ Targets Oracle WebLogic Applications

A new Linux malware named Hadooken is targeting Oracle WebLogic servers, dropping Tsunami malware and deploying a cryptominer. WebLogic servers are vulnerable to cyberattacks due to flaws like deserialization and weak access controls.

Cyware News – Latest Cyber News – ​Read More

Apple Patches Vision Pro Vulnerability to Prevent GAZEploit Attacks

Apple has released a patch for Vision Pro after researchers showed how an attacker can obtain passwords typed by looking at keys.

The post Apple Patches Vision Pro Vulnerability to Prevent GAZEploit Attacks appeared first on SecurityWeek.

SecurityWeek – ​Read More

UK Teen Arrested Over Transport for London Hack

A 17-year-old from England has been arrested by the NCA over the recent cyberattack on Transport for London.

The post UK Teen Arrested Over Transport for London Hack appeared first on SecurityWeek.

SecurityWeek – ​Read More

UK Data Centers Gain Critical Infrastructure Status, Raising Green Belt Controversy

The designation of UK data centers as Critical National Infrastructure strengthens cyber defenses, but a proposed £3.75B data center on protected Green Belt land sparks debate.

The post UK Data Centers Gain Critical Infrastructure Status, Raising Green Belt Controversy appeared first on SecurityWeek.

SecurityWeek – ​Read More