Mar 21, 2024NewsroomVulnerability / Web Security Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6. “An unauthenticated threat actor can execute arbitrary commands on the…


Mar 21, 2024NewsroomDatabase / Vulnerability Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it’s…


It’s not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it’s not every day you run across a US-focused people-search network based…


There’s a Bing ding dong, after Microsoft (over?) enthusiastically encourages Chrome users to stop using Google, and silence hits the British Library as it shares its story of a ransomware attack. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault. Plus:…


Welcome to this week’s edition of the “Bi-Weekly Cyber Roundup” by Canary Trap. In the ever-changing realm of cybersecurity, staying informed is a challenging necessity. At Canary Trap, it is our mission to keep you up-to-date with the most critical developments in the world of cyber security and this bi-weekly publication is your gateway to…


The US Cybersecurity & Infrastructure Security Agency (CISA) released 15 advisories covering serious vulnerabilities in industrial control products from Siemens, Mitsubishi Electric, Delta Electronics, and Softing Industrial Automation. Some of the flaws are rated with high and critical severity and can result in remote code execution. Eleven of the 15 advisories cover vulnerabilities in Siemens…


The United States Federal Trade Commission (FTC) has warned the public to be cautious if contacted by people claiming to be… FTC staff. In a warning published on its website, the FTC said that scammers were using its employees’ real names to steal money from consumers. A typical ruse will see the bogus FTC staffer…


Mar 20, 2024NewsroomDoS Attack / Network Security A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk. Called Loop DoS attacks, the approach pairs “servers of these protocols in such a way that they communicate with each…


Threats to the payment ecosystem in 2023 chiefly comprised financial scams, with threat actors increasingly adopting AI technologies to stay at the top of their games, according to a VISA report. The top scams identified by the US-based payment card services operator included pig butchering, inheritance scams, humanitarian relief scams, and triangulation frauds. “The latest…


Are you using the same passwords in multiple places online? Well, stop. Stop right now. And make sure that you’ve told your friends and family to stop being reckless too. Because if you use the same login credentials in different places online, you’re behaving in a very risky way. If a cybercriminal breaches a system…
