Category: Cybersecurity News
-
Microsoft Patch Tuesday Update Fixes Many Security Vulnerabilities, Flaws Including CLFS, LDAP Bugs
Microsoft has released its December Patch Tuesday update, usually available on the second Tuesday of every month, with a bunch of security updates and patches. Many of the patches are for vulnerabilities with at least a medium severity CVSS (Common Vulnerability Scoring System) score (most are over 6.0 on a scale of 1-10, 10 being…
-
Zero-Day Vulnerability in Cleo File Transfer Software Found
A critical vulnerability has been found in Cleo’s file transfer software Harmony, VLTrader, and LexiCom affecting versions 5.8.0.21. Researchers at Huntress identified this flaw, which stems from a lack of restrictions on uploading and downloading and allows remote code execution. In their proof of concept, they found attack indications in the installation logs. These logs…
-
Krispy Kreme Hit With Cyberattack Affecting Online Orders
Krispy Kreme, the popular doughnut and coffee chain restaurant, has been hit with a cyberattack affecting their online systems. This has been impacting their order fulfillment process for online orders. In a recent filing, they confirmed recent unauthorized access within their IT systems which may have an impact on earnings. Krispy Kreme is currently investigating…
-
0patch Offers Patch for Windows NTLM Zero-Day Vulnerability
A zero-day vulnerability affecting many Windows versions, from Windows 7 to Windows 11, has been found by researchers at 0patch. A zero-day is a vulnerability that doesn’t have an official fix yet, so it is exploitable and possibly being actively used in the wild. According to their post, the vulnerability exists in just the viewing…
-
Security Agencies Issue Guidance on Recent China-Affiliated Telecom Hacks
U.S. security and cybersecurity agencies (along with international partners) have issued guidance in response to confirmed infiltration of telecom communication systems by groups affiliated with China, officially known as the People’s Republic of China (PRC). While the infiltration was only able to gather metadata such as call records, it was further targeting users involved in government…
-
DroidBot, a Malware-as-a-Service (MaaS), Is Targeting Banking, Crypto Apps
A new Android malware is making the rounds and attempting to steal information from unsuspecting users and installs. Classified as DroidBot, it’s a Remote Access Tool (RAT) utilized in a Malware-as-a-Service (MaaS) model and being used by hacking-affiliated groups. Malware-as-a-Service is a subscription model used by hackers and cybercriminals selling their specialized tools and…
-
Large Development Firm, Chemonics International, Affected By Data Breach
Chemonics International, a large development firm and USAID contractor, was impacted by a data breach affecting the data of thousands of users. According to the report they made in a notice on their website, the hack was first noticed late last year in December 2023, where they found possible hacking activity from earlier in the…