somcert2022

Critical Vulnerability Found in Zabbix Network Monitoring Tool

December 3, 2024
somcert2022
No Comments

Zabbix has warned of a critical-severity vulnerability in its open source enterprise networking monitoring solution that could allow attackers to inject arbitrary SQL queries and compromise data or the system. Tracked as CVE-2024-42327 (CVSS score of 9.9), the security defect exists in a function that is available to any user with a role that has […]

10 Nov 24

Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)

As the holiday season approaches, retail businesses are gearing up for their annual surge in online (and in-store) traffic. Unfortunately, this increase in activity also attracts cybercriminals looking to exploit vulnerabilities for their gain. Imperva, a Thales company, recently published its annual holiday shopping cybersecurity guide. Data from the Imperva Threat Research team’s six-month analysis (April […]

07 Nov 24

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers. “Active since at least 2021, Storm-0940 […]

05 Nov 24

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to “Android/data,” “Android/obb,” and “Android/sandbox” directories and its sub-directories, according to […]

23 Oct 24

Cisco Confirms Security Incident After Hacker Offers to Sell Data

Cisco on Friday confirmed that some of its files have been stolen after a hacker offered to sell information allegedly belonging to the company. The hacker known as IntelBroker on October 14 announced a “Cisco breach” on a popular cybercrime forum. The threat actor claimed to have obtained GitHub and SonarQube projects, source code, hardcoded […]

October 19, 2024
somcert2022
No Comments

A North Korean threat actor has exploited a recent Internet Explorer zero-day vulnerability in a supply chain attack, threat intelligence firm AhnLab and South Korea’s National Cyber Security Center (NCSC) say. Tracked as CVE-2024-38178, the security defect is described as a scripting engine memory corruption issue that allows remote attackers to execute arbitrary code on […]

12 Oct 24

Microsoft’s Take on Kernel Access and Safe Deployment Following CrowdStrike Incident

As the dust settles following the massive Windows BSOD tech outages caused by CrowdStrike in July 2024, the question is now, how do we prevent this happening again? Microsoft convened a summit with members of its Microsoft Virus Initiative (MVI – of which CrowdStrike is one) to discuss a problem that has no simple solution. The CrowdStrike […]

06 Oct 24

Ransomware Hits Critical Infrastructure Hard, Costs Adding Up

The financial impact of a cyberattack targeting a cyber-physical system (CPS) can reach up to $1 million, as affected organizations struggle with revenue loss, recovery costs, and employee overtime. According to a new Claroty survey of 1,100 security professionals involved in OT, IoT, BMS, and IoMT (connected medical devices), about 45% of organizations suffered losses […]

October 2, 2024
somcert2022
No Comments

The Community Clinic of Maui in Hawaii, a nonprofit healthcare organization doing business as Malama I Ke Ola Health Center, informed authorities in the US last week that a cyberattack suffered earlier this year has resulted in a data breach impacting over 120,000 individuals. Local media reported in May that it took the Maui healthcare organization more than […]

30 Sep 24

How to Plan and Prepare for Penetration Testing

As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting (BGH) cyber criminals, and the increased use of hands-on or “interactive intrusion” […]

Critical Vulnerability Found in Zabbix Network Monitoring Tool

Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Cisco Confirms Security Incident After Hacker Offers to Sell Data

North Korean APT Exploited IE Zero-Day in Supply Chain Attack

Microsoft’s Take on Kernel Access and Safe Deployment Following CrowdStrike Incident

Ransomware Hits Critical Infrastructure Hard, Costs Adding Up

Hawaii Health Center Discloses Data Breach After Ransomware Attack

How to Plan and Prepare for Penetration Testing

Critical Vulnerability Found in Zabbix Network Monitoring Tool

Cyber Threats That Could Impact the Retail Industry This Holiday Season (and What to Do About It)

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

somcert2022

Subscribe to our newsletter