Aug 22, 2024Ravie LakshmananWebsite Security / Vulnerability Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges. “The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could…
Read More
Aug 22, 2024Ravie LakshmananBrowser Security / Vulnerability Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. “Type…
Read More
Aug 22, 2024Ravie LakshmananDatabase Security / Cryptocurrency Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that’s designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances. “Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords,” Aqua security researcher Assaf Morag said…
Read More
“In the M&A game, rumors are currency. We accept that, and my general response is to ignore them. But what I’ve seen over the past few weeks from a company called Action1 goes far beyond anything I’ve ever experienced in my career, and I feel compelled to set the record straight,” Talpaz wrote in a…
Read MoreToday, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), CISA, FBI, NSA, and international partners are releasing Best Practices for Event Logging and Threat Detection. This guide will assist organizations in defining a baseline for event logging to mitigate malicious cyber threats. The increased prevalence of malicious actors employing living off the land…
Read MoreExecutive Summary This publication defines a baseline for event logging best practices to mitigate cyber threats. It was developed by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) in cooperation with the following international partners: United States (US) Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the National…
Read More
A 39-year old man from Somerset, Kentucky, was sentenced to 81 months in federal prison for identity theft and faking his own death in government registry systems. A press release from the U.S. Department of Justice (DoJ) informs that Jesse Kipf used stolen credentials to access the Hawaii Death Registry System to register himself as…
Read More
‘Security continues to be our top priority,’ according to Microsoft. Microsoft will make the controversial “recall” feature for its artificial intelligence-powered Copilot+ PCs available to Windows Insiders users in October. The Redmond, Wash.-based tech giant added the new release date to a previous blog post about recall, which was billed as a way for users…
Read More
Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited attacks. “Google is aware that an exploit for CVE-2024-7971 exists in the wild,” the company said in an advisory published on Wednesday. This high-severity zero-day vulnerability is caused by a type confusion weakness in Chrome’s V8 JavaScript engine.…
Read More
The company says it expects to have 96 megawatts online by late 2026 with the remainder of the $3 billion build-out finished in a decade. Novva Data Centers said Wednesday that it will open its sixth site on 160 acres of land that it bought at auction last year in Arizona. It plans to infuse…
Read More