Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution – OfficialSarkar

Sep 06, 2024Ravie LakshmananCybersecurity / Vulnerability A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16….

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues – OfficialSarkar

Sep 05, 2024Ravie LakshmananThreat Prevention / Software Security Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below – CVE-2024-40711 (CVSS score: 9.8) – A vulnerability in Veeam Backup & Replication…

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East – OfficialSarkar

Sep 05, 2024Ravie LakshmananMalware / Human Rights Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. “Sighting this group’s [Tactics, Techniques, and Procedures] in critical governmental entities in the Middle East, particularly those related to…

U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown – OfficialSarkar

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violating U.S. money laundering and criminal trademark laws, the agency called out companies Social Design…

NIST Cybersecurity Framework (CSF) and CTEM – Better Together – OfficialSarkar

Sep 05, 2024The Hacker NewsThreat Detection / Vulnerability Management It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established…

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore – OfficialSarkar

Sep 05, 2024Ravie LakshmananCyber Threat / Malware Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic scripts, Windows shortcuts, and other formats…

New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm – OfficialSarkar

Sep 05, 2024Ravie LakshmananCyber Attack / Malware The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of targeting…

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks – OfficialSarkar

Sep 05, 2024Ravie Lakshmanan Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information. A brief description of the two vulnerabilities is below – CVE-2024-20439 (CVSS score: 9.8) – The presence of an undocumented static user…

North Korean Hackers Targets Job Seekers with Fake FreeConference App – OfficialSarkar

North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview. The new attack wave, spotted by Singaporean company Group-IB in mid-August 2024, is yet another indication that the activity is also leveraging native installers for Windows and…

Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers – OfficialSarkar

Sep 04, 2024Ravie LakshmananVulnerability / Network Security Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands. Tracked as CVE-2024-7261 (CVSS score: 9.8), the vulnerability has been described as a case of operating system (OS) command…