Exposed

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
Dec 28, 2024 | Ravie Lakshmanan | Vulnerability / Threat Intelligence
A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and …

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
Sep 13, 2024 | Ravie Lakshmanan | Virtual Reality / Vulnerability
Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. "A novel …

Exposed Docker APIs Under Attack in ‘Commando Cat’ Cryptojacking Campaign
Feb 01, 2024 | Newsroom | Cryptojacking / Linux Security
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. "The campaign deploys a benign container generated using the Commando project," Cado security researchers Nate Bill and Matt Muir said in a new report published today. "The attacker escapes this …

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks
Jan 18, 2024 | Newsroom | Supply Chain Attacks / AI Security
Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of TensorFlow releases on …

Exposed Secrets are Everywhere. Here’s How to Tackle Them
Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute action becomes imperative. However, …

Critical Security Flaws Exposed in Nagios XI Network Monitoring Software
Sep 20, 2023 | THN | Network Security / Vulnerability
Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on …

Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack
Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident. The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was "consistent with the precursors to a ransomware event," prompting it to isolate its …

Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet
An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner. It's not immediately known if all of these hosts were successfully compromised. Nonetheless, it was made possible by means of a "lesser-known technique" designed to trick the servers into writing data to arbitrary files – a …

Uber Claims No Sensitive Data Exposed in Latest Breach… But There’s More to This
Uber, in an update, said there is "no evidence" that users' private information was compromised in a breach of its internal computer systems that was discovered late Thursday. "We have no evidence that the incident involved access to sensitive user data (like trip history)," the company said. "All of our services including Uber, Uber Eats, Uber Freight, and the Uber Driver app …

Samsung Admits Data Breach that Exposed Details of Some U.S. Customers
South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach. "In late July 2022, an unauthorized third-party acquired information from some of Samsung's U.S. systems," the company disclosed in a notice. "On or around August 4, …