Victim: [i2p-torrent] Roberto Verino Difusion Country : ES Actor: ransomhouse Source: http://zohlm7ahjwegcedoz7lrdrti7bvpofymcayotp744qhx6gjmxbuo2yid.onion/r/387629bd15888cbd52ed0a9e9da2b573e9d59171 Discovered: 2024-10-11 16:12:09.391684 Published: 2023-05-04 00:00:00.000000 Description : Discover the new Roberto Verino collection. Fashion, accessories and trends …
Tag: VULNERABILITY
The video discusses the IBM X-Force Cloud Threat Landscape Report and its seven key takeaways, shedding light on the importance of securing cloud environments as adoption rates surge.…
The video discusses major cybersecurity vulnerabilities and incidents including a critical exploit affecting VMware ESXi hypervisor, updates on CrowdStrike’s service outage, the discovery of a sophisticated malware distribution …
Summary: A recent alert from Sophos X-Ops MDR highlights a surge in ransomware attacks exploiting the critical CVE-2024-40711 vulnerability in Veeam Backup & Replication software. Attackers have been leveraging this …
Victim: blalockcompanies.com Country : US Actor: ransomhub Source: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/18238e39-1b6a-4793-876a-daa585aaf237/ Discovered: 2024-10-08 19:16:20.825688 Published: 2024-10-04 16:07:23.000000 Description : Blalock Companies is a multifaceted organization known for its expertise in construction, transportation, …
Summary: Progress Software has issued a security advisory regarding four critical vulnerabilities in the Telerik Report Server, which could lead to severe security risks for organizations. These vulnerabilities include credential …
Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a vulnerability in the F5 BIG-IP Local Traffic Manager (LTM) module, which involves unencrypted persistent cookies …
Trend Micro’s investigation into the Earth Simnavaz APT group reveals their advanced tactics targeting critical sectors in the UAE, utilizing sophisticated malware and exploiting vulnerabilities for espionage and …
FortiGuard Labs reported on a critical security incident involving the Ivanti Cloud Services Appliance (CSA), where an advanced adversary exploited multiple vulnerabilities, including CVE-2024-8190, to gain unauthorized access …
Summary: Multiple security vulnerabilities have been identified in the Manufacturing Message Specification (MMS) protocol implementations, posing significant risks to industrial environments, including potential remote code execution and device crashes. The …
Summary: Schneider Electric has issued a critical security notification regarding a vulnerability (CVE-2024-8884) in the System Monitor application of their Harmony Industrial PC Series and Pro-face PS5000 Legacy Industrial PC …
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Fortinet products to its Known Exploited Vulnerabilities catalog, indicating active exploitation. Additionally, multiple security flaws …
Summary: A critical vulnerability (CVE-2024-36814) in AdGuard Home allows authenticated attackers to read arbitrary files on the system, potentially exposing sensitive information. Discovered by security researcher Jack Moran, this flaw …
Summary: A critical vulnerability, CVE-2024-47823, has been discovered in Livewire, a Laravel framework, allowing attackers to exploit file uploads for Remote Code Execution (RCE). The flaw arises from improper validation …
Summary: Mozilla has disclosed a critical security vulnerability in Firefox and Firefox Extended Support Release (ESR) that is actively being exploited, identified as CVE-2024-9680. The flaw, a use-after-free bug in …
Threatwire Summary
The video discusses a record-setting DDoS attack mitigated by Cloudflare, reaching peaks of 3.8 terabits per second and affecting various sectors without interrupting service. Additionally, new …
Summary: Adobe has released critical security updates for its product suite to address multiple vulnerabilities that could allow unauthorized access and code execution. Users are strongly encouraged to update their …
Summary: A critical security vulnerability, CVE-2024-45720, has been discovered in Apache Subversion, affecting Windows platforms and allowing for command line argument injection that could lead to the execution of unintended …
Summary: A recent analysis revealed a critical local privilege escalation vulnerability (CVE-2024-9473) in Palo Alto Networks’ GlobalProtect MSI installer, allowing low-privileged attackers to gain SYSTEM-level access. This security flaw affects …
Summary: GitLab has released critical security updates in versions 17.4.2, 17.3.5, and 17.2.9 for both Community and Enterprise Editions to address several significant vulnerabilities, including a critical flaw (CVE-2024-9164) that …
Summary: Cyble’s Vulnerability Intelligence unit has reported a surge in cyberattacks targeting various IT products, highlighting the exploitation of both new and existing vulnerabilities. The report emphasizes the need for …
Summary: Microsoft has released patches for two actively exploited zero-day vulnerabilities and three additional publicly disclosed vulnerabilities in its latest Patch Tuesday update. The vulnerabilities pose significant risks to organizations, …
Video Summary and Keypoints
Short Summary: The video discusses the testing and exploitation of file upload vulnerabilities, specifically focusing on a vulnerability known as “zip slip.” The presenter elaborates on …
Summary: A critical vulnerability (CVE-2024-41798) in Siemens SENTRON PAC3200 power meters allows attackers to gain administrative access easily, with a CVSS score of 9.8 indicating severe security flaws. The reliance …
Summary: ESET researchers have uncovered a sophisticated cyberespionage campaign by the APT group GoldenJackal, targeting air-gapped systems within governmental organizations in Europe. This blogpost details previously undocumented tools used by …
Short Summary:
Check Point Research has identified a cyber-enabled disinformation campaign, dubbed Operation MiddleFloor, targeting Moldova’s government and education sectors. The campaign, which began in early August, aims to influence …
Summary: Recent research by Amit Geynis has revealed critical vulnerabilities in modern vehicles, raising alarms about the safety of connected cars. The findings indicate several zero-day exploits in Electronic Control …
Summary: A critical vulnerability (CVE-2024-47561) in the Apache Avro Java SDK allows for arbitrary code execution on affected instances, impacting all versions prior to 1.11.4. Users are advised to upgrade …
Threat Actor: Anonymous | Anonymous Victim: IntelX | IntelX Price: Contact for details Exfiltrated Data Type: Zero-day vulnerability
Key Points :
An anonymous threat actor claims to be selling a…
Summary: Researchers have disclosed a critical use-after-free vulnerability in the Linux kernel (CVE-2023-52447) that affects versions from v5.8 to v6.6, posing significant risks for containerized environments. A proof-of-concept exploit has …
Summary: Security researcher Peter Gabaldon disclosed critical vulnerabilities in TeamViewer, enabling local privilege escalation attacks on Windows systems. The flaws, CVE-2024-7479 and CVE-2024-7481, arise from improper cryptographic signature verification during …
Summary: Google Pixel phones, particularly the Pixel 9, have enhanced security features to protect against vulnerabilities in the cellular baseband, which manages network connectivity and can be a target for …
Summary: This blog post provides an in-depth analysis of the LemonDuck malware, which exploits the EternalBlue vulnerability (CVE-2017-0144) in SMB services for cryptocurrency mining. It details the attack methodology, persistence …
Summary: In 2023, federal civilian agencies addressed over 7,000 vulnerabilities through the Vulnerability Disclosure Policy Platform, with a significant increase in both identified and remediated vulnerabilities compared to the previous …
Summary: Qualcomm’s October 2024 Security Bulletin reveals critical vulnerabilities in its chipsets, particularly affecting Snapdragon mobile platforms and FastConnect solutions, posing significant risks to users. The bulletin highlights several vulnerabilities, …
Summary: Apple has issued updates for iOS and iPadOS to fix two significant security vulnerabilities, one allowing saved passwords to be read aloud by VoiceOver and another affecting audio capture …
Summary: A persistent and sophisticated malware dropper known as “perfctl” is targeting Linux servers globally, exploiting vulnerabilities to deploy cryptomining and proxyjacking malware. Recent analyses reveal extensive exploit paths and …
Short Summary:
ESET researchers have uncovered a series of cyberespionage attacks attributed to the APT group GoldenJackal, targeting governmental organizations in Europe. The group has utilized sophisticated tools to compromise …
Summary: Redis has identified three critical security vulnerabilities, including remote code execution and denial-of-service risks, urging users to update their installations immediately. The most severe vulnerability, CVE-2024-31449, could allow attackers …
Summary: Cisco has issued a security advisory regarding multiple vulnerabilities in its Small Business RV340 series routers, which could allow remote attackers to escalate privileges and execute arbitrary commands. These …
Summary: MediaTek has released a Product Security Bulletin in October 2024 detailing critical vulnerabilities in its chipsets that could lead to remote code execution, privilege escalation, and denial-of-service attacks. The …
Summary: A critical vulnerability (CVE-2024-45409) in the Ruby-SAML and OmniAuth-SAML libraries has been discovered, allowing attackers to bypass SAML authentication in GitLab’s system. This flaw stems from weaknesses in the …
Summary: A critical local privilege escalation vulnerability (CVE-2024-44193) affecting iTunes version 12.13.2.3 has been disclosed, allowing attackers to gain SYSTEM-level access on Windows systems. Apple has patched the flaw, which …
Summary: A critical vulnerability (CVE-2024-47191) in the OATH-Toolkit’s PAM module exposes systems to root-level exploits during one-time password (OTP) authentication. Discovered by SUSE Security Team members, the flaw allows unprivileged …
Summary: Cybersecurity researchers are alerting organizations about active exploitation attempts of a newly disclosed vulnerability, CVE-2024-45519, in Synacor’s Zimbra Collaboration software. The flaw allows unauthenticated attackers to execute arbitrary commands, …
Summary: The Jenkins project has issued a critical security advisory urging users to update their installations due to multiple vulnerabilities that could lead to data theft and unauthorized control of …
Cloud Computing Security Insights
Summary: The video discusses the expected growth of the cloud computing industry, reaching 0 billion in 2024, and highlights the increased security …
Video Summary
Summary: The video discusses the importance of development in enhancing skills for penetration testing. It highlights how proficiency in development can aid in various phases of testing, from …
Summary: Cybersecurity researchers have revealed that 5% of Adobe Commerce and Magento stores have been compromised due to a critical vulnerability known as CosmicSting, which allows remote code execution. The …
The video discusses the biggest heist of all time involving Axie Infinity, where hackers stole 5 million from the game’s developer, Sky Mavis. The incident was primarily facilitated …