The weekly cybersecurity news summary highlights the recent threats, vulnerabilities, innovations, and emerging attack vectors.
This enables the timely implementation of appropriate security measures and ensures robust system protection against constantly emerging security threats.
Created by a Russian hacker, these packets contain reverse shell and remote code execution vulnerabilities.
This attack could have exposed critical information like Top-Screen surveys, Security Vulnerability Assessments, Site Security Plans, and Personnel Surety Program submissions.
Juniper Networks has announced a crucial vulnerability that affects its Session Smart Router and Session Smart Conductor products, enabling network-based attackers to evade authentication and take over the whole device within highly accessible redundant configurations.
It is consequently a clear indication that developers of AI systems must consider such threats and put up strong security measures like input filtering, system message validation, output filtering, and abuse monitoring.
A major Bluetooth vulnerability tracked as CVE-2024-27867 has led to the release of important firmware updates by Apple for its AirPods and Beats headphones.
Security researcher Jonas Drebler came across this issue, which if exploited can allow attackers who are within a Bluetooth range to initiate connection request spoofing and eventually gain unauthorized access to those earphones.
The reason why WordPress had to release an urgent security update, version 6.5.5, is that it had a couple of dangerous security vulnerabilities that could put at risk the millions of websites it powers.
This update addresses three main security issues, Cross-Site Scripting vulnerability in HTML API, XSS vulnerability in Template Part Block, and Path Traversal on Windows-hosted sites.
Progress Software's file transfer programs MOVEit Transfer and MOVEit Cloud are facing an authentication bypass vulnerability.
A severe SQL injection vulnerability, CVE-2024-5276, has been discovered in previous versions of Fortra FileCatalyst Workflow, specifically 5.1.6 Build 135.
The KakaoTalk Android app which is used by over 100 million people has a crucial vulnerability that allows hackers to leak the user's access token and take over the account.
The vulnerability is a one-click exploit that can be enabled through a harmful deep link that further redirects the user to a DOM XSS vulnerability on a subdomain of KakaoTalk.
Three critical vulnerabilities in ESXi hypervisor have been disclosed by VMware, which allows hackers to bypass authentication mechanisms.
In this case, successful exploitation of these vulnerabilities would enable an attacker to completely gain administrative access to the ESXi host without proper authentication leading to unauthorized control over virtual machines, data breaches, and potential disruption of services.
The stolen data is up for sale on the dark web for $5,000 which conveys volumes about its sensitivity to highly skilled cyber attackers targeting both BSNL itself and other connected network systems.
Google has presented new developments for Chrome Enterprise Core, earlier known as Chrome Browser Cloud Management, in order to assist IT and security teams improve control over the environment of a browser and its security.
The embedded experience includes a blank prompt bar and a guided experience with three pre-populated prompts empowering different security personas to defend against threats at machine speed and scale.
As a research assistant, Copilot pulls in relevant intelligence then contextualizes it as well as summarizes it helping customers evaluate artifacts, correlate security information, assess vulnerabilities, and understand the scope of an attack.
This Cyber News was published on cybersecuritynews.com. Publication date: Sun, 30 Jun 2024 13:45:28 +0000