Cyber Security News

SAP has released its August 2024 security patch update, addressing 17 new vulnerabilities, including two critical flaws that could allow attackers to bypass authentication and fully compromise affected systems. The most severe vulnerability, CVE-2024-41730, affects SAP BusinessObjects Business Intelligence Platform versions 430 and 440. With a CVSS score of 9.8, this “missing authentication check” flaw […]

The post Critical SAP Flaw Let Hackers to Bypass Authentication & Compromise Systems appeared first on Cyber Security News.

SSLoad is a complex malware loader that mainly intrudes into desired systems via phishing emails. Once inside, it performs reconnaissance, and then transfers the collected intelligence to its handlers. SSLoad later uses any available means to get past detection as it installs different forms of harmful code into the system. This program is also designed […]

The post New SSLoad Loader Malware Attacking Users to Infiltrate Login Details appeared first on Cyber Security News.

Cryptocurrency scams have changed along with digital currencies and they now employ technological advancements like AI and deepfakes in their sophisticated frauds. The CryptoCore group is an example of these methods where celebrity images are used, major events are exploited, and hijacked social media accounts are taken across platforms such as YouTube, Twitter, and TikTok. […]

The post CryptoCore, Sophisticated Cryptocurrency Scam Attacking Users To Drain Wallets appeared first on Cyber Security News.

A sophisticated phishing campaign has emerged, impersonating the Google Safety Centre to deceive users. This campaign is tricking unsuspecting individuals into downloading a malicious file, posing as the widely used Google Authenticator app. This attack has significant implications, as it threatens personal data and highlights cybercriminals’ evolving tactics. Malicious Software Disguised as Google Authenticator According […]

The post Beware of New Phishing Campaign that Impersonates Google Safety Centre appeared first on Cyber Security News.

Ivanti Virtual Traffic Manager has been discovered with a critical vulnerability which was associated with authentication bypass. This vulnerability has been assigned with CVE-2024-7593 and the severity was given as 9.8 (Critical). However, Ivanti has patched this vulnerability and released a security advisory to address it. Ivanti confirmed that there is no evidence of active […]

The post Ivanti Virtual Traffic Manager Flaw Let Hackers Create Rogue Admin Accounts appeared first on Cyber Security News.

Microsoft has released an urgent security update to address a critical remote code execution vulnerability in the Windows TCP/IP stack. The flaw tracked as CVE-2024-38063, affects all supported Windows and Windows Server versions, including Server Core installations. CVE-2024-38063 is a remote code execution vulnerability in Windows TCP/IP with a maximum severity rating of Critical and […]

The post Critical 0-Click RCE in Windows TCP/IP Stack Impacts All Systems appeared first on Cyber Security News.

Zoom Video Communications has disclosed several critical vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients. These vulnerabilities, identified in multiple security bulletins, potentially allow attackers to escalate privileges on affected systems. The vulnerabilities highlight significant risks for users across various platforms, including Windows, macOS, Linux, iOS, and Android. CVE-2024-39825 & CVE-2024-39818 are particularly concerning […]

The post Zoom Critical Vulnerabilities Let Attackers Escalate Privileges appeared first on Cyber Security News.

Microsoft has released its August 2024 Patch Tuesday update to address 90 security vulnerabilities. The update includes fixes for six zero-day flaws actively exploited across various products and services, such as Windows, Office, Azure, Dynamics, and Edge. The high number of zero-day vulnerabilities, especially those already being actively exploited, makes this a particularly critical Patch […]

The post Microsoft Patches 6 Zero-Days That Threat Actors Actively Exploiting appeared first on Cyber Security News.

Security researchers at Perception Point have uncovered a sophisticated phishing campaign, dubbed “Uncle Scam.” In this AI-powered campaign, threat actors impersonate U.S. government agencies to send fraudulent tender invitations to numerous American enterprises. The attackers employ advanced techniques, including interactive kits and large language models (LLMs), to create highly convincing phishing emails. The phishing operation […]

The post Operation Uncle Scam – AI-Powered Phishing Attack Steals Microsoft Dynamics 365 Credentials appeared first on Cyber Security News.

Morphisec researchers have recently uncovered a critical vulnerability in Microsoft Outlook, identified as CVE-2024-30103. It can execute malicious code as soon as an email is opened. We will explore the technical aspects of CVE-2024-30103, examining how this vulnerability can be exploited and assessing its potential impact on your systems. This vulnerability presents a significant security […]

The post 0-Click Outlook Vulnerability Triggered RCE When Email is Opened – Technical Analysis appeared first on Cyber Security News.

International authorities have successfully seized the servers associated with the notorious Dispossessor ransomware group. This operation marks a critical step in combating ransomware attacks that have plagued individuals, businesses, and institutions worldwide. According to the tweet from MonThreat, the takedown comes amidst growing concerns over the increasing sophistication of cyber threats, including the recent emergence […]

The post New Banshee MacOS Stealer Attacking Users to Steal Keychain Data appeared first on Cyber Security News.

A critical security vulnerability, identified as CVE-2024-22116, has been patched in Zabbix, a popular monitoring solution. The vulnerability allowed an administrator with restricted permissions to execute arbitrary code via the Ping script in the Monitoring Hosts section, potentially compromising the infrastructure. The vulnerability, which had a CVSS score of 9.9, was discovered by justonezero, a […]

The post Zabbix Server Vulnerability Lets Attacker Execute Arbitrary Code Via Ping Script appeared first on Cyber Security News.

Akamai researchers have delved into the often-overlooked threat of VPN post-exploitation, highlighting techniques that threat actors can use to escalate their intrusion after compromising a VPN server. The study focuses on vulnerabilities and no-fix techniques affecting Ivanti Connect Secure and FortiGate VPNs, potentially allowing attackers to gain control over other critical network assets. VPN servers […]

The post Post-Exploitation Tactics Hackers Use After Compromising Ivanti, Fortigate VPN Servers appeared first on Cyber Security News.

Hackers often target the Solana Python API ecosystem to exploit vulnerabilities in decentralized applications, access private keys, or manipulate transactions on the Solana blockchain. Recently the Solana Python API ecosystem was targeted by a typosquatting attack (tagged as sonatype-2024-3214). The official Solana Python API project, known as “solana-py” on GitHub but listed as “solana” on […]

The post Beware Of Malicious Typosquat Package That Steals Your Secret Keys appeared first on Cyber Security News.

A Sinkclose vulnerability, which has been detected in AMD processors for decades, lets hackers obtain access to some of the most privileged areas of a computer. It allows malware to infiltrate a computer’s memory so deeply that, in many situations, it could be quicker to destroy the device than disinfect it. The vulnerability allows hackers […]

The post AMD Sinkclose Vulnerability Lets Attackers Most Privileged Portions Of a Computer appeared first on Cyber Security News.

Law enforcement has been attacking cyber threat actors for quite some time now. The FBI has taken down several servers belonging to multiple threat actors to disrupt their malicious operations. However, the FBI announced the Shutdown of a Ransomware group named “Radar/Dispossessor”. This ransomware group was reportedly run by a person who goes by the […]

The post FBI Shuts Down Dispossessor Ransomware Operations, Domains Dismantled appeared first on Cyber Security News.

A newly discovered vulnerability in the Common Log File System (CLFS.sys) driver of Windows has been identified, potentially affecting millions of devices running Windows 10, Windows 11, and various Windows Server versions. Tracked as CVE-2024-6768, this vulnerability allows a malicious authenticated low-privilege user to trigger a Blue Screen of Death (BSOD) through a forced call […]

The post CLFS Vulnerability Let Hackers Trigger BSOD Error On All Versions Of Windows 10 & 11 appeared first on Cyber Security News.

Hackers masquerading as the Security Service of Ukraine have compromised over 100 government systems. The Computer Emergency Response Team of Ukraine (CERT-UA) at the State Service of Special Communications and Information Protection (SSSCIP) reported the incident on August 12, highlighting the sophisticated tactics employed by the attackers. Malicious Emails Target Government Bodies The attack began […]

The post Hackers Posing as Security Service Compromised 100 Govt Systems appeared first on Cyber Security News.

Elon Musk, who owns the social media platform X (which used to be called Twitter), said that the platform was hit by a massive Distributed Denial-of-Service (DDoS) attack. This happened at the same time as a planned live interview with former President Donald Trump. The attack aimed to disrupt X’s services by overwhelming it with […]

The post Elon Musk Reports Massive DDoS Attack on X Amid Trump Interview appeared first on Cyber Security News.

Researchers have uncovered a sophisticated phishing marketplace, the ONNX Store, which provides cybercriminals with advanced tools to hijack Microsoft 365 accounts. Alarmingly, these tools include methods for bypassing two-factor authentication (2FA), a critical security measure that many organizations rely on to protect sensitive information. This discovery underscores the urgent need for corporate information security teams […]

The post ONNX Bot Tool Hijacks Microsoft 365 accounts & Even Bypass 2FA appeared first on Cyber Security News.