On Christmas Day, December 25, 2024, Japan Airlines (JAL) was struck by a significant cyber attack, disrupting both domestic and international flight schedules. The incident, which began in the late hours of Christmas night, led to delays at airports and…
IT Security News Hourly Summary 2024-12-26 06h : 4 posts
4 posts were published in the last hour 5:4 : Adobe ColdFusion Any File Read Vulnerability (CVE-2024-53961) 5:4 : Service disruptions continue to blindside businesses 4:6 : iOS devices more exposed to phishing than Android 4:6 : Cybersecurity spending trends…
Adobe ColdFusion Any File Read Vulnerability (CVE-2024-53961)
Overview Recently, NSFOCUS CERT detected that Adobe issued a security announcement and fixed any file read vulnerability in Adobe ColdFusion (CVE-2024-53961). Due to improper restrictions on pathnames in Adobe ColdFusion, unauthenticated attackers can bypass the application’s restrictions to read files…
Service disruptions continue to blindside businesses
Service disruptions remain a critical concern for IT and business executives, with 88% of respondents saying they believe another major incident will occur in the next 12 months, according to PagerDuty. PagerDuty surveyed 1,000 IT and business executives who were…
iOS devices more exposed to phishing than Android
The mobile threat landscape continues to grow at an alarming rate as cybercrime groups shift their tactics and target mobile devices in the early stages of their attacks, according to a recent Lookout report. The report highlights insights behind a…
Cybersecurity spending trends and their impact on businesses
Managing cybersecurity and IT budgets is a critical element of organizational strategy. With increasing threats to data security, the rise of ransomware, and the need to protect IT infrastructure, organizations must invest wisely in cybersecurity to stay secure. This article…
Feel Supported: Integrating IAM with Your Security Policies
Why is Integrating IAM Crucial for Your Security Policies? As we move more and more of our activities online, the importance of robust security policies cannot be overstated. And central to these security policies is a concept that remains somewhat…
Relax with Secure Cloud-Native Solutions
What Does Securing Your Cloud-Native Solutions Mean? Cloud-native solutions are becoming more popular by the day. They are seen as the future of application development and deployment in today’s digital age. But with great innovation comes great responsibility – the…
Stay Calm and Secure: Secrets Management for the Modern Age
How Effective is Your Modern Secrets Management Strategy? Have you ever wondered about the strength of your modern secrets management? In an age where security is paramount and breaches can mean irrevocable damage, it is essential to ensure your approach…
Drive Innovation with Enhanced Secrets Scanning
How Can Secrets Scanning Drive Innovation? Does the thought of data breaches keep you up at night? If so, you’re not alone. The modern, interconnected business landscape offers unprecedented opportunities for growth and innovation. However, it also presents new, complex…
IT Security News Hourly Summary 2024-12-26 03h : 1 posts
1 posts were published in the last hour 1:31 : Apache fixed a critical SQL Injection in Apache Traffic Control
Apache fixed a critical SQL Injection in Apache Traffic Control
Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic Control. The Apache Software Foundation (ASF) released security updates to address a critical security vulnerability, tracked as CVE-2024-45387 (CVSS score 9.9), in Traffic Control. Traffic Control…
Capturing Honeypot Data Beyond the Logs, (Thu, Dec 26th)
By default, DShield Honeypots [1] collect firewall, web and cowrie (telnet/ssh) [2] data and log them on the local filesystem. A subset of this data is reported to the SANS Internet Storm Center (ISC) where it can be used by…
IT Security News Hourly Summary 2024-12-26 00h : 3 posts
3 posts were published in the last hour 22:55 : IT Security News Daily Summary 2024-12-25 22:32 : SEO Poisoning: How Cybercriminals Are Turning Search Engines into Traps 22:32 : BellaCPP, Charming Kitten’s BellaCiao variant written in C++
IT Security News Daily Summary 2024-12-25
39 posts were published in the last hour 22:32 : SEO Poisoning: How Cybercriminals Are Turning Search Engines into Traps 22:32 : BellaCPP, Charming Kitten’s BellaCiao variant written in C++ 20:5 : IT Security News Hourly Summary 2024-12-25 21h :…
SEO Poisoning: How Cybercriminals Are Turning Search Engines into Traps
Stay protected from SEO poisoning, a cyber threat exploiting search engine rankings to spread malware and phishing scams.… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: SEO Poisoning: How…
BellaCPP, Charming Kitten’s BellaCiao variant written in C++
Iran-linked APT group Charming Kitten has been observed using a new variant of the BellaCiao malware dubbed BellaCPP, Kaspersky researchers warn. The Iran-linked APT group Charming Kitten has been observed using a C++ variant of the BellaCiao malware, dubbed BellaCPP.…
IT Security News Hourly Summary 2024-12-25 21h : 1 posts
1 posts were published in the last hour 19:31 : Indonesia Government Data Breach – Hackers Leaked 82 GB of Sensitive Data Online
Indonesia Government Data Breach – Hackers Leaked 82 GB of Sensitive Data Online
Hackers have reportedly infiltrated and extracted a vast 82 GB of sensitive data from the Indonesian government’s Regional Financial Management Information System (Sistem Informasi Pengelolaan Keuangan Daerah, or SIPKD). This system is operated by the Badan Pendapatan, Pengelolaan Keuangan, dan Aset…
How to Build a YouTube Clone With Svelte.js, Firebase, and Permit.io
Creating a video-sharing application like YouTube is not just about front-end design and data storage; you need to have secure dynamic control over what users can see and do. With Svelte.js handling the interface and Firebase supporting backend functionalities, integrating…
Look Who’s Back: LockBit Gears Up for a Comeback With Version 4.0
The infamous LockBit ransomware group has announced its return with the upcoming release of LockBit 4.0, set for February 2025. This marks a big moment for the group, which has had major setbacks over the last year. A global…
New Alert: Windows and Mac Are the Target of a Self-Deleting Ransomware
The ransomware epidemic may have been stopped by recent law enforcement operations that disrupted attack infrastructure, led to the arrest of cybercriminals, and broke up some threat groups, but this would be wrong as well. A recent study on…
Global Crypto Hacks Escalate to $2.2 Billion in 2024
Chainalysis, a blockchain analytics company that provides data analysis on the blockchain ecosystem, has reported that the volume of compromised crypto funds and the number of hacking incidents are set to rise in 2024. The report states that the…
Free VPN Big Mama Raises Security Concerns Amid Cybercrime Links
Big Mama VPN, a free virtual private network app, is drawing scrutiny for its involvement in both legitimate and questionable online activities. The app, popular among Android users with over a million downloads, provides a free VPN service while…
IBM AIX TCP/IP Vulnerability Lets Attackers Exploit to Launch Denial of Service Attack
IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating system that could potentially lead to denial-of-service (DoS) attacks. The affected kernel extensions—perfstat and TCP/IPmpresent risks to systems running on AIX 7.2, AIX 7.3, VIOS 3.1,…
USA Launched Cyber Attack on Chinese Technology Firms
The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber espionage targeting Chinese technology companies and research institutions. These attacks, suspected to be orchestrated by U.S. intelligence agencies, aimed to steal sensitive commercial secrets and intellectual…
Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server
The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache HugeGraph-Server. The flaw, identified as CVE-2024-43441, could potentially allow authentication bypass due to an issue with assumed-immutable data in JWT tokens. The vulnerability impacts versions…