TheHackersNewsThe Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system. "An SQL injection...

TheHackersNewsThe Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP, said it discovered the artifact as part of a "recent" investigation into a compromised machine in Asia that was also infected with the BellaCiao malware. BellaCiao was first...

TheHackersNewsCybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and cometlogger, attracted 118 and 164 downloads each, prior to them being taken down....

TheHackersNewsJapanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. "The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces," the agencies said. "TraderTraitor activity is often characterized by targeted social...

TheHackersNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that...

TheHackersNewsThe Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that...

TheHackersNewsCybersecurity researchers have found that it's possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. "Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect," Palo Alto Networks Unit 42 researchers...

securitymagazine.comDiscover how integrating advanced technology with physical security measures can strengthen your organization’s duty of care, ensuring employee safety, trust, and resilience in an ever-evolving workplace environment....

securitymagazine.comThe rapid adoption of AI and GenAI-powered tools in the enterprise are creating new and highly accessible attack surfaces for threat actors, and legacy tools are struggling to keep pace....

securitymagazine.comDan Gundry, Strategic Director at Barco Control Rooms, discusses how control rooms benefit organizations and security management. ...

securitymagazine.comPerceptions of safety influence holiday shopping habits, with parking lot security being a major factor.  ...

securitymagazine.comExecutives are targeted in mobile spearphishing attacks, and security leaders share their insights. ...

securitymagazine.comWater and wastewater system facilities have been urged to secure internet-exposed human-machine interfaces (HMIs)....

securitymagazine.comThe details of 5 million unique credit and debit cards were exposed in a data breach. ...

securitymagazine.comA new report analyzes scam trends to help organizations prepare for threats in 2025....

securitymagazine.comA threat actor labelled as MUT-1244 has stolen more than 390,000 WordPress credentials. ...

securitymagazine.comAlthough PCI compliance isn’t mandated by law, failing to comply with PCI DSS can result in investigations, fines, and penalties....

securitymagazine.comA United States Bitcoin ATM operator, Byte Federal, recently disclosed a cyber incident. ...

securitymagazine.comOngoing geopolitical issues provide increasing motivation for all security professionals to adopt safeguards against mail-based threats ...

securitymagazine.comLaw enforcement agencies across 15 countries have shut down 27 DDoS-for-hire operations. ...

Weiter