Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances.
Both shortcomings impact all versions of the software prior to version 2024-04, which was released on April 4, 2024. The issues were responsibly disclosed by SonarSource on March 22, 2024.
The flaws
The Hacker News – Read More
Cops decimate cybercrime infrastructure used to steal data from nearly 2,000 people in Singapore last year.
darkreading – Read More
The US passenger rail giant said attackers used previously compromised credentials to crack accounts and access a freight train of personal data.
darkreading – Read More
A trio of bugs could allow hackers to escalate privileges and remotely execute code on virtual machines deployed across cloud environments.
darkreading – Read More
Threat actors were able to breach Blackbaud’s systems and compromise sensitive data, largely because of the company’s poor cybersecurity practices and lack of encrypted data, the AG said.
darkreading – Read More
“ClearFake” and “ClickFix” attackers are tricking people into cutting and pasting malicious PowerShell scripts to infect their own machines with RATs and infostealers.
darkreading – Read More
Internet Computer Protocol (ICP) introduces Verified Credentials (VCs), a walletless solution enhancing data sharing privacy. Unveiled at DICE 2024, VCs help combat bots and fake accounts on social media, ensuring secure and efficient verification.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
BlackSuit Ransomware, known as the rebrand of the Conti ransomware gang, has leaked a trove of Kansas City Police data, including evidence records, investigation files, crime scene phones, and much more, after the department refused to pay the ransom.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
A controversial proposal put forth by the European Union to scan users’ private messages for detection child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused messaging service of the same name.
“Mandating mass scanning of private communications fundamentally
The Hacker News – Read More
Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer.
“Adversaries had managed to trick users into downloading password-protected archive files containing trojanized copies of a Cisco Webex Meetings App (ptService.exe),” Trellix security
The Hacker News – Read More