AVTECH IP Cameras Vulnerable to Zero-Day Attack A critical vulnerability, CVE-2024-7029, with a CVSS score of 8.7 has resurfaced in AVTECH IP cameras, much to the delight of malicious actors looking to exploit this flaw as a zero-day. This flaw, identified as a command injection vulnerability within the brightness function of AVTECH closed-circuit television (CCTV)…
Fortra Resolves Critical Security Vulnerability in FileCatalyst Workflow Fortra, a leading IT security firm, has recently mitigated a severe security vulnerability affecting FileCatalyst Workflow. This flaw could potentially be exploited by a malicious remote attacker to obtain administrative privileges within the system. The identified vulnerability has been designated as CVE-2024-6633 and has received a high…
South Korea-Aligned Cyber Espionage Group Exploits Zero-Day Vulnerability in Kingsoft WPS Office In a recent incident, a cyber espionage group aligned with South Korea has been found exploiting a critical remote code execution vulnerability in Kingsoft WPS Office. This flaw, once zero-day and now patched, allowed the attackers to deploy a customized backdoor known as…
The BlackByte ransomware group exploits VMware ESXi security flaw The BlackByte ransomware group is like a persistent mosquito buzzing around the digital space, finding its way into vulnerable systems. They have been seen taking advantage of a security flaw that recently plagued VMware ESXi hypervisors, exploiting it to wreak havoc on unsuspecting victims. Disarming security…
The Rise of QR Code Phishing In the vast expanse of cyber threats, a new tactic has been brewing: QR code phishing, affectionately known as ‘quishing’ by cybersecurity insiders. The latest craze involves miscreants leveraging Microsoft Sway infrastructure to host fake pages, thereby exploiting legitimate cloud services for less-than-honorable endeavors. Legitimacy in the Shadows Netskope…
The High-Stakes: CISA Adds Critical Security Flaw of Apache OFBiz to KEV Catalog In a recent development, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken a strong stance by including a critical security flaw related to the Apache OFBiz open-source enterprise resource planning (ERP) system in its Known Exploited Vulnerabilities (KEV) catalog. This…
WPML WordPress Plugin Vulnerability Exposes Critical Security Flaw A recent disclosure has shed light on a critical security flaw affecting the WPML WordPress multilingual plugin. This vulnerability opens the door for authenticated users to remotely execute arbitrary code under specific conditions, making it a serious threat to website security. Details of the Vulnerability The vulnerability,…
Chinese Instant Messaging Apps Targeted by Apple macOS Backdoor In a recent development, users of popular Chinese instant messaging apps such as DingTalk and WeChat have become the prime targets of a malicious backdoor called HZ RAT. This Apple macOS version of the backdoor is causing concern among cybersecurity experts. Replicating Windows Functionality According to…
The China-nexus cyber espionage group Volt Typhoon Strikes A recent cyber threat has emerged from a group known as Volt Typhoon, who are believed to have orchestrated a zero-day exploitation of a serious security vulnerability affecting Versa Director. This incident has targeted five victims, with four in the U.S. and one overseas. The victims include…
Exploring the Latest Trends in SecOps for 2024 In the dynamic world of cybersecurity, staying ahead of the latest trends is crucial. Gartner’s Hype Cycle for Security Operations for 2024 offers valuable insights into the evolving landscape of SecOps. One of the key areas highlighted in the report is Continuous Threat Exposure Management (CTEM), which…