Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool

/in

As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client.
“Attackers can take control of a malicious server and read/write arbitrary files of any connected client,” the CERT Coordination Center (CERT/CC) said in an advisory. “Sensitive data, such as SSH keys,

The Hacker News – ​Read More

Ivanti Patches Critical Vulnerabilities in Endpoint Manager

/in

Ivanti has released patches for multiple vulnerabilities in Endpoint Manager (EPM), including four critical-severity flaws.

The post Ivanti Patches Critical Vulnerabilities in Endpoint Manager appeared first on SecurityWeek.

SecurityWeek – ​Read More

Fortinet Confirms New Zero-Day Exploitation 

/in

Fortinet patches critical vulnerabilities, including a zero-day that has been exploited in the wild since at least November 2024. 

The post Fortinet Confirms New Zero-Day Exploitation  appeared first on SecurityWeek.

SecurityWeek – ​Read More

Microsoft Discovers macOS Flaw CVE-2024-44243, Bypassing SIP

/in

CVE-2024-44243, a critical macOS vulnerability discovered recently by Microsoft, can allow attackers to bypass Apple’s System Integrity Protection…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

ICS Patch Tuesday: Security Advisories Published by Schneider, Siemens, Phoenix Contact, CISA

/in

Schneider Electric, Siemens, CISA, and Phoenix Contact have released January 2025 Patch Tuesday ICS security advisories.

The post ICS Patch Tuesday: Security Advisories Published by Schneider, Siemens, Phoenix Contact, CISA appeared first on SecurityWeek.

SecurityWeek – ​Read More

Wultra Secures €3M to Protect Financial Institutions from Quantum Threats

/in

Prague, Czech republic, 15th January 2025, CyberNewsWire

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation

/in

The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a “multi-month law enforcement operation.”
PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People’s Republic of China (PRC

The Hacker News – ​Read More

Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

/in

Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution.
Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the “vulnerabilities are trivial to reverse and exploit.”
The list of identified flaws is as follows –

The Hacker News – ​Read More

3 Actively Exploited Zero-Day Flaws Patched in Microsoft’s Latest Security Update

/in

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks.
Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned

The Hacker News – ​Read More

As Tensions Mount With China, Taiwan Sees Surge in Cyberattacks

/in

In 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and telecommunications firms.

darkreading – ​Read More