Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches
Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific class of bugs called Insecure Direct Object Reference (IDOR), a type of access control flaw that occurs […]
Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required
Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an “extremely severe” flaw that could result in pre-authenticated remote code execution on affected installations. Tracked as CVE-2023-38646, the issue impacts open-source editions prior to 0.46.6.1 and Metabase Enterprise
Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild
The Cybersecurity and Infrastructure Security Agency (CISA) added one new vulnerability to its Known Exploited Vulnerabilities Catalog affecting Ivanti Endpoint Manager Mobile, based on evidence of active exploitation. All Federal Civilian Executive Branch (FCEB) agencies must remediate this vulnerability by August 15, 2023 to protect their networks against active threats. We urge everyone else to take this […]
Cl0p Ransomware Strikes Deloitte, Company Refutes Breach
By Waqas In a message on its dark web breach blog, Cl0p Ransomware claims that The company (Deloitte) doesn’t care about its customers; it ignored their security. This is a post from HackRead.com Read the original post: Cl0p Ransomware Strikes Deloitte, Company Refutes Breach
Vulnerabilities exposed Peloton treadmills to malware and DoS attacks
By Habiba Rashid Internet-Connected Gym Equipment Raises Concerns Over Security Vulnerabilities! This is a post from HackRead.com Read the original post: Vulnerabilities exposed Peloton treadmills to malware and DoS attacks
Benefits of hiring a Java web application development company
By Owais Sultan Unlocking the Power: Key Benefits of Java and Hiring a Java Web Application Development Company. This is a post from HackRead.com Read the original post: Benefits of hiring a Java web application development company
What your peers want to know before buying a DLP tool
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Preventing data loss is a concern for almost every organization, regardless of size, especially organizations with sensitive data. Organizations, now more than ever […]
Iranian Stalkerware ‘Spyhide’ Steals Data from 60,000 Android Devices
By Habiba Rashid So far, Spyhide app collected 3.3 million texts and 1.2 million call logs from compromised Android devices. This is a post from HackRead.com Read the original post: Iranian Stalkerware ‘Spyhide’ Steals Data from 60,000 Android Devices
New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads
A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future ransomware attacks. Dubbed Nitrogen, the “opportunistic” activity is designed to […]
GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users
Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users. “The impacted Ubuntu versions are prevalent in the cloud as […]