Sunday, May 26, 2024

Communications

Microsoft Announces Phasing Out VBScript for JavaScript and PowerShell

As part of plans to favour more advanced alternatives such as JavaScript and PowerShell, Microsoft on Wednesday announced the deprecation...

Flaws in Python Package for AI Models and PDF.js Used by Firefox Could Become a Goldmine for Cybercriminals

According to cybersecurity researchers, a flaw in the llama_cpp_python Python package, tracked as CVE-2024-34359 with a CVSS score of 9.7, could be exploited by threat actors. One of the...

GitHub and FileZilla Become a Platform for Delivering Cocktail Malware

Cybercriminals (possibly Russian-speaking threat actors from the Commonwealth of Independent States) impersonating 1Password, Bartender 5 and Pixelmator software and fake GitHub profiles and repositories begin...

The Surge of Spam: How Enterprises are Overwhelmed by Emails and Phone Calls

Cybersecurity researchers recently uncovered an ongoing social engineering campaign that targets enterprises with massive volumes of spam email, aiming to achieve access...

Critical F5 Central Manager Vulnerabilities Put Clients at Risk of Full Device Takeover

The two critical security vulnerabilities are tracked as CVE-2024-21793 and CVE-2024-26026. CVE-2024-21793 has a CVSS score of 7.5. It’s an OData injection vulnerability capable of allowing unauthenticated attackers to gain...

Over 50,000 Hosts Vulnerable to Remote Code Execution Due to Critical Tinyproxy Flaw

A critical vulnerability, tracked as CVE-2023-49606, has been discovered in Tinyproxy, an HTTP/HTTPS proxy tool. This vulnerability allows unauthenticated attackers to execute arbitrary code...

Aruba Devices Exposed to RCE Attack Due to Four Critical Vulnerabilities

The four critical vulnerabilities listed below, among ten security flaws found, have contributed immensely to the exposure by impacting Mobility Conductor (formerly Mobility Master), Mobility Controllers, and...

Default Passwords Are No Longer Acceptable From April 2024 on Smart Devices

The U.K. National Cyber Security Centre (NCSC) has called on manufacturers of smart devices to comply with new legislation prohibiting default passwords. The...

Two Cisco Zero-Day Vulnerabilities Get Exploited by State-Sponsored Hackers for Espionage

A cybersecurity report has highlighted two highly critical zero-day vulnerabilities in Cisco networking gear. Threat actors have exploited these vulnerabilities to deliver custom malware...

Iranian Firms and Accomplices in Cyber Attack Sanctioned by U.S. Treasury

The United States Treasury has taken a significant step by sanctioning an Iranian firm and individuals involved in a severe cyber attack. The statement...