The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system. […]
Author Archives: Onsite Computing, Inc.
The Iranian nation-state hacking group known as Charming Kitten has been observed deploying a C++ variant of a known malware called BellaCiao. Russian cybersecurity company Kaspersky, which dubbed the new version BellaCPP, said it discovered the artifact as part of a “recent” investigation into a compromised machine in Asia that was also infected with the […]
A new Mirai-based malware campaign is actively exploiting unpatched vulnerabilities in Internet of Things (IoT) devices, including DigiEver DS-2105 Pro DVRs. […] Go to Source Author: Bill Toulas
European Space Agency’s official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout. […] Go to Source Author: Ionut Ilascu
“Zero trust” doesn’t mean “zero testing.” Go to Source Author: Rob Sloan, Sam Curry
The North Korean hacker group ‘TraderTraitor’ stole $308 million worth of cryptocurrency in the attack on the Japanese exchange DMM Bitcoin in May. […] Go to Source Author: Bill Toulas
Changes at CISA and promises of more public-private partnerships and deregulation are just a few ways the incoming administration could upend the feds’ role in cybersecurity. Go to Source Author: Becky Bracken, Senior Editor, Dark Reading
The security extensions for the Domain Name System aimed to make the Internet more reliable, but instead the technology has exchanged one set of problems for another. Go to Source Author: Robert Lemos, Contributing Writer
Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and cometlogger, attracted 118 and 164 downloads each, prior to them being taken down. […]
The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands. […] Go to Source Author: Bill Toulas