Trusted Cybersecurity News Platform
In a startling revelation, cyberattacks have surged to more than double their pre-pandemic levels, casting a long shadow over global financial stability. The International Monetary Fund (IMF) highlighted this alarming trend in its April 2024 Global Financial Stability Report, underscoring the escalating risk of catastrophic financial losses due to cyber incidents. Historically, direct financial losses…
Node.js project disclosed a high-severity vulnerability affecting multiple active release lines of its software on Windows platforms. This flaw, identified as CVE-2024-27980, allows attackers to execute arbitrary commands on affected systems, posing a serious risk to applications and services built on Node.js. Node.js Flaw Lets Attackers Execute Malicious Code The core of the vulnerability lies…
A product security incident response team (PSIRT) manages a vulnerability disclosure program by acting as a single point of contact for external reporters, including customers, partners, penetration testers, and security researchers. They provide a standardized process for reporting security vulnerabilities found in the organization’s products and services. They prioritize private disclosure conducted in a way…
Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. “An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated…
Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in an advisory, said it does not plan to ship a…
2023 CL0P Growth Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the ‘CryptoMix’ ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 to 2022. But in 2023 the CL0P ransomware gang took itself…
Threat actors have been discovered exploiting a Fortinet Forticlient EMS vulnerability to install unauthorized RMM tools and PowerShell backdoors on the targeted systems. The vulnerability exploited by the threat actors was CVE-2023-48788. Moreover, an external inbound network connection was found to connect with the FCMdaemon process, followed by downloading and executing RMM tools or PowerShell-based backdoors….
A recent lawsuit was filed by Google against two app developers, Yunfeng Sun (also known as Alphonse Sun) and Hongnam Cheung (also known as Zhang Hongnim and Stanford Fischer), for their alleged involvement in an international online investment fraud scheme. As a consequence of the Defendants’ breach, Google has incurred economic losses exceeding $75,000. These losses stem…
In a significant move to bolster the security of its widely-used V8 JavaScript engine, Google has unveiled the V8 Sandbox, a cutting-edge mechanism to prevent memory corruption attacks. The V8 Sandbox represents a proactive approach to cybersecurity, operating under the assumption that attackers may gain arbitrary read and write access within the sandbox environment. The…
Cisco Nexus Dashboard Fabric Controller is a network management platform for all NX-OS-enabled devices. It enables data center operation teams to perform deep-dive troubleshooting and maintenance operations. A new vulnerability has been discovered in the Cisco Nexus Dashboard Fabric Controller, which was associated with the Out-of-band (OOB) Plug and Play (PnP) feature. This vulnerability allows…