There are a lot of different tasks for software developers, but each and every one of us has had to review old code. Whether it’s checking for a previous version or seeing how someone solved a problem in the past, legacy code is part of the job. But have you ever reviewed previous versions and become frustrated enough to ask “who wrote this code?” and madly hit “git blame” to … [Read more...] about Building a legacy: The art of crafting maintainable systems
systems
French Authorities Launch Operation to Remove PlugX Malware from Infected Systems
Jul 27, 2024NewsroomMalware / Cyber Intelligence French judicial authorities, in collaboration with Europol, have launched a so-called "disinfection operation" to rid compromised hosts of a known malware called PlugX. The Paris Prosecutor's Office, Parquet de Paris, said the initiative was launched on July 18 and that it's expected to continue for "several months." It further … [Read more...] about French Authorities Launch Operation to Remove PlugX Malware from Infected Systems
Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide
Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty update pushed out by cybersecurity company CrowdStrike. "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts," the company's CEO George Kurtz said in a statement. "Mac and Linux hosts are not … [Read more...] about Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide
Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution
Apr 02, 2024NewsroomFirmware Security / Vulnerability The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.0), came to light last week when … [Read more...] about Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution
New ‘Loop DoS’ Attack Impacts Hundreds of Thousands of Systems
Mar 20, 2024NewsroomDoS Attack / Network Security A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk. Called Loop DoS attacks, the approach pairs "servers of these protocols in such a way that they communicate with each other … [Read more...] about New ‘Loop DoS’ Attack Impacts Hundreds of Thousands of Systems
New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
Jan 11, 2024NewsroomVulnerability / Cyber Attack Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe … [Read more...] about New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems
Oct 05, 2023NewsroomNetwork Security / Software Patch Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded credentials. The vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), is due to the presence of static user credentials for the … [Read more...] about Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems
Advanced Linux Malware Targeting South Korean Systems
Aug 05, 2023THNLinux / Malware Threat actors are using an open-source rootkit called Reptile to target Linux systems in South Korea. "Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse shell, allowing threat actors to easily take control of systems," the AhnLab Security Emergency Response Center … [Read more...] about Advanced Linux Malware Targeting South Korean Systems
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection
Jul 24, 2023THNLinux / Network Security Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of … [Read more...] about New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection
Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks
Jul 13, 2023THNOT/ICS, SCADA Cybersecurity The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted of two security flaws impacting Rockwell Automation ControlLogix EtherNet/IP (ENIP) communication module models that could be exploited to achieve remote code execution and denial-of-service (DoS). "The results and impact of exploiting these vulnerabilities … [Read more...] about Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks