The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below – CVE-2019-9874 (CVSS score: 9.8) – A deserialization vulnerability in the Sitecore.Security.AntiCSRF
Author Archives: Onsite Computing, Inc.
A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is enterprise-focused software that’s used to manage data protection across applications, databases, virtual machines, and file systems, offering the ability to back up, restore, and clone data resources. The vulnerability, tracked as
The UK Information Commissioner’s Office (ICO) has fined Advanced Computer Software Group Ltd £3.07 million over a 2022 ransomware attack that exposed the sensitive personal data of 79,404 people, including National Health Service (NHS) patients. […] Author: Bill Toulas
Hunt quickly took to his blog to notify the public of the breach and provide further details on how this could have happened. Author: Kristina Beek, Associate Editor, Dark Reading
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. […] Author: Lawrence Abrams
Attackers don’t always need to resort to sophisticated gambits to break and enter; organizations often make it easy for them to walk right in. Author: Jai Vijayan, Contributing Writer
Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum. […] Author: Bill Toulas
A new cybercrime platform named ‘Atlantis AIO’ provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs. […] Author: Bill Toulas
The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely […]
Claude could be getting a ChatGPT-like Deep Research feature called Compass. You can tell Claude’s Compass what you need, and the AI agent will take care of everything. […] Author: Mayank Parmar
