A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People’s Republic of China (PRC)-affiliated threat actors targeting telecommunications providers. “Identified exploitations or compromises associated with these threat actors’ activity align with existing weaknesses associated with victim infrastructure; no novel Go to Source […]
Category Archives: Uncategorized
Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing. […]
A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2. 8.3, 8.4, and other previous versions. IdentityIQ “allows Go […]
Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. “The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook’s spam filters, allowing the malicious emails to reach your inbox,” ANY.RUN said in a series of […]
Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack. Go to Source Author: Jai Vijayan, Contributing Writer
Cisco encourages users to update to an unaffected version of the software since there are no workarounds for the 2014 vulnerability. Go to Source Author: Kristina Beek, Associate Editor, Dark Reading
Too much access and privilege, plus a host of unsafe cyber practices, plague most workplaces, and the introduction of tools like GenAI will only make things worse. Go to Source Author: Kristina Beek, Associate Editor, Dark Reading
A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group’s cybercriminal tool set. Go to Source Author: Elizabeth Montalbano, Contributing Writer