Siemens Issues Critical Security Advisory for User Management Component (UMC)

Siemens has issued a critical security advisory for its User Management Component (UMC), revealing a heap-based buffer overflow vulnerability (CVE-2024-33698) with a 9.3 CVSS score.

Cyware News – Latest Cyber News

CosmicBeetle Upgrades Arsenal with New ScRansom Ransomware to Target SMBs

CosmicBeetle has unleashed a new ransomware called ScRansom, targeting SMBs in Europe, Asia, Africa, and South America, possibly working with RansomHub. The threat actor swapped its Scarab ransomware for ScRansom, showing ongoing enhancements.

Cyware News – Latest Cyber News

OpenZiti: Secure, Open-Source Networking for Your Applications

OpenZiti is an open-source networking project that embeds zero-trust principles directly into applications, offering features like strong identity, mTLS, E2EE, private DNS, and smart routing.

Cyware News – Latest Cyber News

Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library

Microsoft has started introducing support for post-quantum algorithms in SymCrypt, its main cryptographic library.

The post Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library appeared first on SecurityWeek.

SecurityWeek

Earth Preta Upgrades Attack Strategy via Removable Drives

The HIUPAN worm allows Earth Preta to propagate malware into networks via removable drives, maintaining persistence by modifying registry values and creating autorun entries.

Cyware News – Latest Cyber News

FBI Report Says Cryptocurrency Scams Surged in 2023

According to an FBI report, cryptocurrency scams surged in 2023, leading to victims reporting $5.6 billion in financial losses associated with crypto schemes, a 45% increase from the previous year.

Cyware News – Latest Cyber News

UK: National Crime Agency, Responsible for Fighting Cybercrime, ‘On Its Knees,’ Warns Report

The agency is losing nearly a fifth of its cyber capacity annually due to a broken pay system, leading to increased costs with temporary labor and consultants making up over 10% of its budget.

Cyware News – Latest Cyber News

Critical Command Injection Flaw in Zyxel NAS Devices, Hotfixes Released for End-of-Support Products

Zyxel has released critical hotfixes for its end-of-support NAS devices, NAS326 and NAS542, to address a severe command injection vulnerability (CVE-2024-6342) with a CVSS score of 9.8.

Cyware News – Latest Cyber News

Chrome 128 Update Resolves High-Severity Vulnerabilities

Google has released a Chrome 128 security update to resolve high-severity memory safety vulnerabilities.

The post Chrome 128 Update Resolves High-Severity Vulnerabilities appeared first on SecurityWeek.

SecurityWeek

Gallup Poll Bugs Open Door to XSS Attacks

Checkmarx researchers discovered two XSS vulnerabilities on Gallup’s polling site, which could allow attackers to access sensitive data, execute arbitrary code, or take over accounts.

Cyware News – Latest Cyber News