Attacks on Maximum Severity WS_FTP Bug Have Been Limited — So Far
While CVE-2023-40044 is critical, threat watchers hope it won’t be another MOVEit for customers of Progress Software’s file transfer technology.
Continue ReadingCategory: News
USPS Anchors Snowballing Smishing Campaigns
Researchers found 164 domains connected to a single threat actor located in Tehran.
Continue ReadingQualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation
Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. “There are indications from Google Threat Analysis Group and Google Project Zero […]
Continue ReadingWarning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch
Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, has coined the vulnerabilities ShellTorch. “These vulnerabilities […] can lead to a full chain Remote
Continue ReadingOver 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers
Nearly three dozen counterfeit packages have been discovered in the npm package repository that are designed to exfiltrate sensitive data from developer systems, according to findings from Fortinet FortiGuard Labs. One set of packages – named @expue/webpack, @expue/core, @expue/vue3-renderer, @fixedwidthtable/fixedwidthtable, and @virtualsearchtable/virtualsearchtable – harbored an obfuscated
Continue ReadingName That Edge Toon: Office Artifacts
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
Continue ReadingRansomware Crisis, Recession Fears Leave CISOs in Tough Spot
Combining robust decryption and orchestration of encrypted traffic with threat prevention is crucial to staying ahead of attackers.
Continue ReadingCERTFR-2023-AVI-0799 : Vulnérabilité dans les produits Microsoft (03 octobre 2023)
Une vulnérabilité a été découverte dans les produits Microsoft. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l’éditeur.
Continue ReadingCERTFR-2023-AVI-0798 : Multiples vulnérabilités dans les produits IBM (03 octobre 2023)
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d’entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et un contournement de la politique de …
Continue ReadingPhotos: Cybertech Europe 2023
The Cybertech Europe conference and exhibition takes place at La Nuvola Convention Center in Rome, and features the latest innovative solutions from dozens of companies and speakers, including senior government officials, C-level executives, and industry trailblazers from Europe and around the world. Conference sessions cover various topics and touch upon different sectors – from security […]
Continue Reading