Only three critical vulnerabilities were fixed as part of the April 2024 Patch Tuesday updates, but there are over 67 remote code execution bugs. More than half of the RCE flaws are found within Microsoft SQL drivers, likely sharing a common flaw.
ARC Labs recently analyzed a phishing email used in a credential harvesting campaign that leveraged a lure notifying the target they received a voice message and needed to visit a link to access it.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-11 09:06:502024-04-11 09:06:50Alethea Raises $20 Million for Disinformation Detection and Mitigation Solution
Fortinet fixed a dozen vulnerabilities in multiple products, including a critical-severity remote code execution (RCE) issue, tracked as CVE-2023-45590 (CVSS score of 9.4), in FortiClientLinux.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-11 08:06:352024-04-11 08:06:35Fortinet Fixed a Critical RCE Bug in FortiClientLinux
Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks.
It also specifically called out companies like NSO Group for developing commercial surveillance tools such as Pegasus that are used by state actors to pull off “individually targeted
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-11 07:06:372024-04-11 07:06:37Apple Expands Spyware Alert System to Warn Users of Mercenary Attacks
Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution.
Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.
“An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to
Following the Volt Typhoon attacks on critical infrastructure in the region by China, the US reportedly will share cybersecurity threat information with both countries.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-10 22:07:132024-04-10 22:07:13National Security Agency Announces Dave Luber As Director of Cybersecurity
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-04-10 22:07:132024-04-10 22:07:13MedSec Launches Cybersecurity Program For Resource-Constrained Hospitals
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs
/in General NewsOnly three critical vulnerabilities were fixed as part of the April 2024 Patch Tuesday updates, but there are over 67 remote code execution bugs. More than half of the RCE flaws are found within Microsoft SQL drivers, likely sharing a common flaw.
Cyware News – Latest Cyber News – Read More
Analyzing CryptoJS Encrypted Phishing Attempt
/in General NewsARC Labs recently analyzed a phishing email used in a credential harvesting campaign that leveraged a lure notifying the target they received a voice message and needed to visit a link to access it.
Cyware News – Latest Cyber News – Read More
Alethea Raises $20 Million for Disinformation Detection and Mitigation Solution
/in General NewsAlethea has raised $20 million in Series B funding for its technology designed to detect and mitigate disinformation.
The post Alethea Raises $20 Million for Disinformation Detection and Mitigation Solution appeared first on SecurityWeek.
SecurityWeek – Read More
Fortinet Fixed a Critical RCE Bug in FortiClientLinux
/in General NewsFortinet fixed a dozen vulnerabilities in multiple products, including a critical-severity remote code execution (RCE) issue, tracked as CVE-2023-45590 (CVSS score of 9.4), in FortiClientLinux.
Cyware News – Latest Cyber News – Read More
Apple Expands Spyware Alert System to Warn Users of Mercenary Attacks
/in General NewsApple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks.
It also specifically called out companies like NSO Group for developing commercial surveillance tools such as Pegasus that are used by state actors to pull off “individually targeted
The Hacker News – Read More
Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability
/in General NewsFortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution.
Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.
“An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to
The Hacker News – Read More
Japan, Philippines, & US Forge Cyber Threat Intel-Sharing Alliance
/in General NewsFollowing the Volt Typhoon attacks on critical infrastructure in the region by China, the US reportedly will share cybersecurity threat information with both countries.
darkreading – Read More
XZ Utils Scare Exposes Hard Truths About Software Security
/in General NewsMuch of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.
darkreading – Read More
National Security Agency Announces Dave Luber As Director of Cybersecurity
/in General NewsPost Content
darkreading – Read More
MedSec Launches Cybersecurity Program For Resource-Constrained Hospitals
/in General NewsPost Content
darkreading – Read More