The High-Stakes: CISA Adds Critical Security Flaw of Apache OFBiz to KEV Catalog In a recent development, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken a strong stance by including a critical security flaw related to the Apache OFBiz open-source enterprise resource planning (ERP) system in its Known Exploited Vulnerabilities (KEV) catalog. This…
“`html Copybara, vztrajni Android trojan od leta 2021, se je nedavno razvil z novembrsko posodobitvijo leta 2023. Njegove obsežne zmogljivosti vključujejo beleženje tipkanja, snemanje medijev, prevzem SMS sporočil, zajemanje zaslona, krajo poverilnic in daljinski nadzor naprave. Pogosto se predstavlja kot priljubljena finančna aplikacija, Copybara cilja na uporabnike v Italiji in Španiji ter jih mami s…
WPML WordPress Plugin Vulnerability Exposes Critical Security Flaw A recent disclosure has shed light on a critical security flaw affecting the WPML WordPress multilingual plugin. This vulnerability opens the door for authenticated users to remotely execute arbitrary code under specific conditions, making it a serious threat to website security. Details of the Vulnerability The vulnerability,…
Chinese Instant Messaging Apps Targeted by Apple macOS Backdoor In a recent development, users of popular Chinese instant messaging apps such as DingTalk and WeChat have become the prime targets of a malicious backdoor called HZ RAT. This Apple macOS version of the backdoor is causing concern among cybersecurity experts. Replicating Windows Functionality According to…
The China-nexus cyber espionage group Volt Typhoon Strikes A recent cyber threat has emerged from a group known as Volt Typhoon, who are believed to have orchestrated a zero-day exploitation of a serious security vulnerability affecting Versa Director. This incident has targeted five victims, with four in the U.S. and one overseas. The victims include…
Exploring the Latest Trends in SecOps for 2024 In the dynamic world of cybersecurity, staying ahead of the latest trends is crucial. Gartner’s Hype Cycle for Security Operations for 2024 offers valuable insights into the evolving landscape of SecOps. One of the key areas highlighted in the report is Continuous Threat Exposure Management (CTEM), which…
Unveiling a Vulnerability in Microsoft 365 Copilot Details have recently surfaced about a security vulnerability in Microsoft 365 Copilot that has since been addressed, but its implications are worth noting. This vulnerability could have potentially facilitated the theft of sensitive user data through a method known as ASCII smuggling. The Intricacies of ASCII Smuggling ASCII…
Google Chrome Vulnerability Actively Exploited in the Wild Google recently announced that a security flaw, tracked as CVE-2024-7965, which was patched in a recent security update for its Chrome browser, is being actively exploited in the wild. The vulnerability has been identified as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine, which…
SolarWinds izdaja popravni paket za odpravo kritičnih varnostnih ranljivosti v Web Help Desk SolarWinds je izdal pomemben popravni paket (12.8.3 Hotfix 2), ki odpravlja dve kritični varnostni ranljivosti v SolarWinds Web Help Desk (WHD). Popravni paket vključuje odpravo ranljivosti oddaljene izvedbe kode (Remote Code Execution – RCE), ki je bila predhodno popravljena v WHD 12.8.3…
The Dutch DPA Fines Uber for Data Privacy Violations The Dutch Data Protection Authority (DPA) has set a record by issuing Uber a hefty fine of €290 million, totaling $324 million in U.S. dollars. This substantial penalty was imposed due to Uber’s apparent non-compliance with the stringent data protection regulations set by the European Union…