Zeljka Zorz
How fraudsters stole $37 million from Coinbase Pro users
A convincing phishing page and some over-the-phone social engineering allowed a group of crooks to steal over $37 million from unlucky Coinbase Pro users. One of them – …
PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)
Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command …
Attackers are probing Check Point Remote Access VPN devices
Attackers are trying to gain access to Check Point VPN devices via local accounts protected only by passwords, the company has warned on Monday. Their ultimate goal is to use …
US retailers under attack by gift card-thieving cyber gang
Earlier this month, the FBI published a private industry notification about Storm-0539 (aka Atlas Lion), a Morocco-based cyber criminal group that specializes in compromising …
Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)
For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability (CVE-2024-5274) with an in-the-wild exploit. …
Compromised courtroom recording software was served from vendor’s official site
Courtroom recording software JAVS Viewer has been saddled with loader malware and has been served from the developer’s site since at least April 2, a threat researcher …
GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)
A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned …
HHS pledges $50M for autonomous vulnerability management solution for hospitals
As organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability (CVE-2023-43208) in a healthcare-specific …
Windows’ new Recall feature: A privacy and security nightmare?
Microsoft has announced the Copilot+ line of Windows 11-powered PCs that, among other things, will have Recall, a feature that takes screenshots every few seconds, encrypts …
Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)
Veeam has patched four vulnerabilities in Backup Enterprise Manager (VBEM), one of which (CVE-2024-29849) may allow attackers to bypass authentication and log in to its web …
15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)
Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack …
Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)
Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be …
Featured news
Resources
Don't miss
- CISA warns about actively exploited Broadcom, Commvault vulnerabilities
- Marks & Spencer cyber incident linked to ransomware group
- Eyes, ears, and now arms: IoT is alive
- What’s worth automating in cyber hygiene, and what’s not
- Want faster products and stronger trust? Build security in, not bolt it on