Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk – OfficialSarkar

Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk – OfficialSarkar

Aug 22, 2024Ravie LakshmananVulnerability / Network Security SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances. “The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing [a] remote unauthenticated…

Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide – OfficialSarkar

Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide – OfficialSarkar

Aug 22, 2024Ravie LakshmananHardware Security / Supply Chain Attack Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that could allow authentication with an unknown key and open hotel rooms and office doors. The attacks have been demonstrated against FM11RF08S, a new variant of MIFARE Classic that was…

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control – OfficialSarkar

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control – OfficialSarkar

Aug 22, 2024Ravie LakshmananNetwork Security / Zero-Day Details have emerged about a China-nexus threat group’s exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399…

New ‘ALBeast’ Vulnerability Exposes Weakness in AWS Application Load Balancer – OfficialSarkar

New ‘ALBeast’ Vulnerability Exposes Weakness in AWS Application Load Balancer – OfficialSarkar

Aug 22, 2024Ravie LakshmananCloud Security / Application Security As many as 15,000 applications using Amazon Web Services’ (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications. That’s according to findings from Israeli cybersecurity company Miggo, which dubbed the problem…

The Facts About Continuous Penetration Testing and Why It’s Important – OfficialSarkar

The Facts About Continuous Penetration Testing and Why It’s Important – OfficialSarkar

What is Continuous Attack Surface Penetration Testing or CASPT? Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization’s digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an evolving attack surface…

GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges – OfficialSarkar

GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges – OfficialSarkar

Aug 22, 2024Ravie LakshmananEnterprise Software / Vulnerability GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score…

Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access – OfficialSarkar

Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access – OfficialSarkar

Aug 22, 2024Ravie LakshmananWebsite Security / Vulnerability Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges. “The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could…

Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild – OfficialSarkar

Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild – OfficialSarkar

Aug 22, 2024Ravie LakshmananBrowser Security / Vulnerability Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. “Type…

New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining – OfficialSarkar

New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining – OfficialSarkar

Aug 22, 2024Ravie LakshmananDatabase Security / Cryptocurrency Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that’s designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances. “Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords,” Aqua security researcher Assaf Morag said…

North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign – OfficialSarkar

North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign – OfficialSarkar

Aug 21, 2024Ravie LakshmananCyber Espionage / Malware A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign. Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level…