Cyber Defense Advisors

Year: 2024

Home / News / 2024 / Page 75
  • by
  • August 8, 2024

Critical Security Flaw in WhatsUp Gold Under Active Attack – Patch Now

A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3. “The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of […]

Cyber News
  • by
  • August 7, 2024

Cybercrime Rapper Sues Bank over Fraud Investigation

A partial selfie posted by Punchmade Dev to his Twitter account. Yes, that is a functioning handheld card skimming device, encrusted in diamonds. Underneath that are more medallions, including a diamond-studded bitcoin and payment card. In January, KrebsOnSecurity wrote about rapper Punchmade Dev, whose music videos sing the praises of a cybercrime lifestyle. That story […]

Cyber News
  • by
  • August 7, 2024

New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers

Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive. “Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics from the Graz University of Technology […]

Cyber News
  • by
  • August 7, 2024

Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim’s web browser and steal sensitive information from their account under specific circumstances. “When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript […]

Cyber News
  • by
  • August 7, 2024

Problems with Georgia’s Voter Registration Portal

It’s possible to cancel other people’s voter registrations: On Friday, four days after Georgia Democrats began warning that bad actors could abuse the state’s new online portal for canceling voter registrations, the Secretary of State’s Office acknowledged to ProPublica that it had identified multiple such attempts… …the portal suffered at least two security glitches that […]

Cyber News
  • by
  • August 7, 2024

New Go-based Backdoor GoGra Targets South Asian Media Organization

An unnamed media organization in South Asia was targeted in November 20233 using a previously undocumented Go-based backdoor called GoGra. “GoGra is written in Go and uses the Microsoft Graph API to interact with a command-and-control (C&C) server hosted on Microsoft mail services,” Symantec, part of Broadcom, said in a report shared with The Hacker […]

Cyber News
  • by
  • August 7, 2024

CrowdStrike Reveals Root Cause of Global System Outages

Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally. The “Channel File 291” incident, as originally highlighted in its Preliminary Post Incident Review (PIR), has been traced back to a content validation issue that arose after it introduced a new Template […]

Cyber News
  • by
  • August 7, 2024

Pig-butchering scammer targets BBC journalist

Graham CLULEY August 07, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial BBC News cybersecurity journalist Joe Tidy has found himself in the unusual position of being targeted by a scammer calling herself “Jessica”, he revealed in a report this week. According to Tidy, someone posing as an attractive, 36-year-old […]

Cyber News
  • by
  • August 7, 2024

Chameleon Android Banking Trojan Targets Users Through Fake CRM App

Cybersecurity researchers have lifted the lid on a new technique adopted by threat actors behind the Chameleon Android banking trojan targeting users in Canada by masquerading as a Customer Relationship Management (CRM) app. “Chameleon was seen masquerading as a CRM app, targeting a Canadian restaurant chain operating internationally,” Dutch security outfit ThreatFabric said in a […]

Cyber News