SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation – OfficialSarkar

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation – OfficialSarkar

Sep 06, 2024Ravie LakshmananNetwork Security / Threat Detection SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10….

GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware – OfficialSarkar

GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware – OfficialSarkar

Sep 06, 2024Ravie LakshmananCryptocurrency / APT Attack A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8)…

MSP/MSSP Security Strategies for 2025 – OfficialSarkar

MSP/MSSP Security Strategies for 2025 – OfficialSarkar

The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected…

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress – OfficialSarkar

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress – OfficialSarkar

Sep 06, 2024Ravie LakshmananWordPress / Webinar Security Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1….

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity – OfficialSarkar

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity – OfficialSarkar

Sep 06, 2024Ravie LakshmananPrivacy / Data Security Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. “If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself,” Durov said in a 600-word…

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution – OfficialSarkar

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution – OfficialSarkar

Sep 06, 2024Ravie LakshmananCybersecurity / Vulnerability A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16….

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues – OfficialSarkar

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues – OfficialSarkar

Sep 05, 2024Ravie LakshmananThreat Prevention / Software Security Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below – CVE-2024-40711 (CVSS score: 9.8) – A vulnerability in Veeam Backup & Replication…

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East – OfficialSarkar

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East – OfficialSarkar

Sep 05, 2024Ravie LakshmananMalware / Human Rights Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. “Sighting this group’s [Tactics, Techniques, and Procedures] in critical governmental entities in the Middle East, particularly those related to…

U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown – OfficialSarkar

U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown – OfficialSarkar

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violating U.S. money laundering and criminal trademark laws, the agency called out companies Social Design…

NIST Cybersecurity Framework (CSF) and CTEM – Better Together – OfficialSarkar

NIST Cybersecurity Framework (CSF) and CTEM – Better Together – OfficialSarkar

Sep 05, 2024The Hacker NewsThreat Detection / Vulnerability Management It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established…