Magánszemélyeknek

The future of application security is no longer about reacting to the inevitable — it's about anticipating and preventing attacks before they can cause damage.

Attackers with at least "manager" privileges could leverage the BIG-IP vulnerability, tracked as CVE-2024-45844, to facilitate privilege escalation and systems compromise.

Only 12% of critical infrastructure professionals disclosed ransomware attacks against their organizations during the past 12 months, with half of the intrusions affecting either the OT network alone or both IT and OT networks.

Attackers leveraged a Nidec Precision employee's valid VPN account credentials to infiltrate the firm's server, enabling the exfiltration of more than 50,000 files, all of which remain unencrypted, including internal files, green procurement-related documents, communications from business partners, contracts, business documents, and labor safety and health policies.

Advanced malware injection attacks have been conducted by threat actors against at least three reputable Radiant Capital contributors' devices, which were later leveraged to validate malicious transactions.

"At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published," said Cisco, which emphasized that none of its systems have been compromised and that users' personal and financial data remain intact.

Attackers targeted a government organization in a country part of the Commonwealth of Independent States with an email containing a concealed attached document and distinct tags within its body that facilitate arbitrary JavaScript execution.

Internet Archive's latest breach was noted by the threat actor to have stemmed from the digital library nonprofit's failure to rotate its authentication tokens.

Initial access in a pair of intrusions part of the attack campaign involved Crypto Ghouls utilizing a VPN and a contractor's login credentials, followed by the exploitation of NSSM and Localtonet for remote access.

Malicious emails alerting of state-sponsored intrusions have been sent to lure organizations' cybersecurity teams into downloading the fraudulent "ESET Unleashed program," which features several ESET DLLs and would enable file and data deletion upon execution.