Author: nlqip
Laravel is a free and open-source PHP-based web framework for building high-end web applications. This vulnerability allows unauthenticated attackers to execute arbitrary codes on the affected systems. The threat actor’s exploitation of the Laravel applications also led Sysdig to evidence that the group was using secure shell (SSH) brute forcing as another way the group…
Read MoreThe content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In our always-online world, we’re facing a new kind of cyber threat that’s just as sneaky as it is harmful: subtextual attacks. These…
Read MoreApr 09, 2024NewsroomMalware / Cryptojacking Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked,…
Read MoreApr 09, 2024NewsroomBotnet / Vulnerability Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status.…
Read MoreDiversity Cyber Council The nonprofit Diversity Cyber Council focuses on serving underrepresented groups within the tech industry. The organization’s mission revolves around facilitating training, education, and staffing opportunities to create a sustainable and inclusive talent pool for the cybersecurity workforce. The council aims to foster inclusion and representation within the tech industry through training, mentoring,…
Read Morealsendo_sp._z_o._o. — apaczka Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4. 2024-04-04 not yet calculated CVE-2024-2759cvd@cert.plcvd@cert.pl amphp — amphp/http-client amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it…
Read MoreThe use of AI in phishing attacks poses a significant threat in the digital landscape. As businesses face increasing challenges from threat actors exploiting AI capabilities, a multi-layered security strategy becomes imperative. This approach encompasses training employees to serve as human firewalls, adopting AI-based security technology to detect sophisticated attacks, implementing stronger authentication methods, and…
Read MoreApr 08, 2024NewsroomSoftware Security / Cybersecurity Google has announced support for what’s called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues. The sandbox, according to V8 Security technical lead Samuel Groß, aims to prevent “memory corruption in V8 from spreading within the host process.” The search behemoth…
Read MoreThe content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Here are some of the best SCADA protection strategies to ensure your organization’s safety. Late last year, Pennsylvania’s Municipal Water Authority of Aliquippa…
Read MoreThe ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22%…
Read More