Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. Oracle Agile PLM is a software platform that enables businesses to manage product data, processes, and collaboration across global teams. Yesterday, Oracle urged Agile PLM customers to install the…

Read More

Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. The leak was announced on Sunday by threat actor ‘EnergyWeaponUser,’ also implicating the hacker ‘IntelBroker,’ who supposedly took part in the November 2024 breach. The threat actors leaked on BreachForums 44,000…

Read More

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. The flaw, discovered by Rhino Security Labs and tracked as CVE-2024-1212, was addressed via an update released on February 21, 2024. However, this is the first…

Read More

After Nutanix CEO Rajiv Ramaswami was “approached” about a role with a competitor, the Nutanix board responded with an “off-cycle” stock award worth nearly $50 million, citing “immediate retention concerns,” according to a recent filing with the SEC. Nutanix President and CEO – and a former VMware C-level executive – Rajiv Ramaswami won a massive…

Read More

Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. “Apple is aware of a report that this issue may have been exploited,” the company said in an advisory issued on Tuesday. The two bugs were found in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components…

Read More

D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices. The flaw was discovered and reported to D-Link by security researcher ‘delsploit,’ but technical details have been withheld from the public to avoid triggering mass exploitation attempts in…

Read More

Microsoft announced today that hotpatching of security updates is now also available in preview on Windows 365 and Windows 11 Enterprise 24H2 client devices. Windows Hotpatch has been available for Windows Server 2022 Datacenter: Azure Edition since February 2022, initially generally available for Windows Server Azure Edition core virtual machines, and in public preview for…

Read More

The new ‘Helldown’ ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. French cybersecurity firm Sekoia is reporting this with medium confidence based on recent observations of Helldown attacks. Although not among the major players in the ransomware space, Helldown has quickly…

Read More

What if the biggest threat to your privacy wasn’t some hacker in a hoodie—but a spy trained to infiltrate your life? Former FBI operative Eric O’Neill, the man who took down spy Robert Hanssen, explains how digital spies target us, offering along the way real-world tips to protect ourselves in a world where everyone’s a…

Read More

CISA released one Industrial Control Systems (ICS) advisory on November 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol

Read More