Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of “improper neutralization of special elements” that could pave the way for arbitrary code execution. It was addressed by the company as part of…


Hackers Hijacked Notepad++ Plugin To Inject Malicious Code

Hackers have manipulated a popular Notepad++ plugin, injecting malicious code that compromises users’ systems upon execution. The AhnLab Security Intelligence Center (ASEC) researchers have revealed that the “mimeTools.dll” plugin, which is widely used, was modified to carry out the attack. Notepad++, a text and source code editor favored by programmers and writers for its versatility and plugin…


VMware SD-WAN Vulnerabilities Let Attackers Execute Arbitrary Commands

Multiple security flaws affecting VMware SD-WAN, which allow arbitrary commands to be executed on the targeted system, have been addressed. If these vulnerabilities are successfully exploited, enterprises that use VMware SD-WAN to manage their network connections may be exposed to serious threats. The vulnerabilities tracked as CVE-2024-22246, CVE-2024-22247, and CVE-2024-22248 impact VMware SD-WAN Edge and SD-WAN Orchestrator…


D-Link NAS Command Injection Flaw: 92,000 Devices Affected

Recently, cybersecurity researchers have uncovered a critical command injection vulnerability affecting approximately 92,000 D-Link Network Attached Storage (NAS) devices. This flaw poses a significant security risk as it allows threat actors to execute arbitrary commands remotely, potentially compromising the integrity and confidentiality of stored data. The vulnerability stems from a flaw in the D-Link DNS-320L,…


Chrome Zero-Day Vulnerability Exploited At Pwn2Own: Patch Now

Google fixed three vulnerabilities in the Chrome browser on Tuesday, along with another zero-day vulnerability that was exploited during the Pwn2Own Vancouver 2024 hacking contest. Google recently fixed two more zero-day vulnerabilities that were exploited during the Pwn2Own hacking competition. Palo Alto Networks’ Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) reported the vulnerability identified as CVE-2024-3159 on March 22,…


Feds Stepping to Patch Years-old SS7 Vulnerability in Phone Networks

The FCC (Federal Communications Commission) seeks public input regarding measures by communications providers to address vulnerabilities in SS7 and Diameter protocols that enable tracking consumers’ mobile device locations without consent. The protocols Diameter and SS7 are important for the telecoms infrastructure, allowing functions such as call routing, network interconnections, and mobility support. However, several reports have highlighted…


Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution

The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.0), came to light last week when Microsoft engineer and PostgreSQL developer Andres Freund alerted…


JumpServer Critical Flaws Let Attackers Execute Arbitrary Remote Code

The critical vulnerabilities in JumpServer’s Ansible that allowed attackers to execute arbitrary remote code have been patched. With a CVSS base score of 10, the critical vulnerabilities identified as CVE-2024-29201 and CVE-2024-29202 impact versions v3.0.0-v3.10.6. A jump server is an intermediary device that uses a supervised secure channel to route traffic across firewalls. It is often most advantageous…
