Chinese APT sets sights on Middle East government orgs

Middle Eastern government entities, especially those involved in human rights, have been targeted by the Chinese-speaking advanced persistent threat operation Tropic Trooper — also known as APT23, Pirate Panda, Earth Centaur, and KeyBoy — as part of an attack campaign that commenced in June 2023, reports The Hacker News. As part of its latest attacks discovered […]
Apache patches OFBiz bypass vulnerability

Apache patched a bypass vulnerability in its widely used Apache OFBiz open-source enterprise resource planning software that could have led to unauthenticated remote code execution on the Linux and Windows platforms. In a Sept. 5 blog post, researchers at Rapid7 explained that even an attacker lacking valid credentials could exploit missing view authorization […]
Penpie loses over $27M from crypto heist

Immediate withdrawal and deposit takedowns, as well as notifications to the FBI’s Internet Crime Complaint Center and the Singaporean police have been conducted by Penpie following the theft on Tuesday.
Multiple Cisco product vulnerabilities addressed

Patches have been issued by Cisco for several security flaws impacting its products, the most severe of which are a pair of critical vulnerabilities in the Smart Licensing Utility, tracked as CVE-2024-20439 and CVE-2024-20440, reports SecurityWeek. Threat actors could leverage CVE-2024-20439 via static credentials to facilitate the compromise of targeted systems with administrative privileges while intrusions involving CVE-2024-20440 […]
Misconfigured Elasticsearch database exposes 762K Chinese car owners

Cybernews reports that information from 762 car owners in China has been exposed by a misconfigured Elasticsearch server hosted on a U.S.-based IP address for at least two days before being discovered last month. Individuals’ full names, birthdates, phone numbers, ID numbers, email addresses, home addresses, vehicle identification numbers, car brands and models, engine numbers, and vehicle colors […]
Widespread WordPress site takeovers likely with critical LiteSpeed Cache bug

More than six million WordPress sites could be hijacked in attacks exploiting the recently patched critical unauthenticated account takeover vulnerability in the LiteSpeed Cache plugin, tracked as CVE-2024-44000, BleepingComputer reports. Exploitation of the flaw, which stems from LiteSpeed Cache’s debug logging functionality, could be conducted by attackers with ‘/wp-content/debug.log’ file access to exfiltrate users’ session cookies, spoof […]
Critical Apache OFBiz flaw patched

BleepingComputer reports that updates have been provided by Apache to address a critical flaw in its open-source enterprise resource planning system OFBiz, tracked as CVE-2024-45195, which could be leveraged to facilitate arbitrary code execution on Windows and Linux servers. Such a vulnerability evades fixes issued for previous OFBiz bugs, tracked as CVE-2024-38856, CVE-2024-36104, and CVE-2024-32113, all of […]
Zero-trust adoption almost completed by most federal agencies

Zero-trust implementation has been 87% completed across federal agencies on average ahead of the September 30 deadline, according to FedScoop. Moreover, all Chief Financial Officers Act agencies recorded completion rates in the high 90% range, said federal Chief Information Officer Clare Martorana during a Billington Cybersecurity Summit panel. Cybersecurity efforts that sought federal zero-trust adoption have been […]
New cyber hiring sprint aims to address workforce gap

Ongoing gaps in the U.S. cybersecurity workforce that have left nearly half a million jobs unfilled have prompted the Office of the National Cyber Director to introduce the new Service for America cyber hiring sprint that would link jobseekers to cyber jobs within the next two months, The Register reports. Numerous career events tackling the federal job application process […]
Enabling a Digitally Connected Society: How Cornerstone is Connecting the Four Corners of the UK
Insight by Jamie Hayes, Chief Sales and Commercial Officer, Cornerstone

As I reflect on our journey leading up to Connected Britain 2024, it’s incredible to think that seamless, high-speed internet—once a luxury—is now becoming a fundamental right that fuels innovation and growth across the UK. I’m genuinely excited about Cornerstone’s role in enabling a digitally […]