In its November 2024 Patch Tuesday update, Microsoft addressed 90 security vulnerabilities, including two critical zero-day exploits currently being actively exploited in the wild (CVE-2024-49039 and CVE-2024-49039). This also update includes fixes for issues impacting Windows NT LAN Manager (NTLM)…
A newly patched security vulnerability in Microsoft Windows has been actively exploited by the Lazarus Group, a notorious state-sponsored hacking group associated with North Korea. The flaw, identified as CVE-2024-38193 and rated with a CVSS score of 7.8, is a…
A new type of DNS attack puts millions of domains at risk of malware and hijacking, a recent report finds. A joint analysis by Infoblox and Eclypsium has uncovered that over a million domains are at risk of being hijacked…
A Fortune 50 company has reportedly paid a record-breaking $75 million ransom to the Dark Angels ransomware gang, according to Zscaler ThreatLabz. This payment surpasses the previous record of $40 million, paid by insurance giant CNA after an Evil Corp…
BadPack is a malicious APK file intentionally altered to exploit the Android operating system’s file structure. Typically, attackers maliciously modify the header information in the compressed file format of APKs to hinder reverse engineering efforts. These tampered headers are a…
In an unexpected and chaotic turn of events, a significant IT outage disrupted major institutions globally. Here’s the latest information: Microsoft Azure Services Severely Impacted Last night, Microsoft Azure services experienced a major disruption, leaving many customers frustrated. The Central…
CVE-2023-27532, a significant flaw identified in Veeam Backup & Replication software, exposes organizations to unauthorized access risks and shows the vital need for up-to-the-minute vigilance in data protection strategies. A new ransomware player, called EstateRansomware, has recently exploited the vulnerability…
Security researchers identified a critical security vulnerability in the TP-Link Archer C5400X gaming router, which could easily allow remote code execution through specially crafted requests. The flaw has been tracked as CVE-2024-5035, and is assigned the highest possible severity score…
Threat actors are exploiting critical vulnerabilities in Atlassian servers to deploy a Linux variant of Cerber ransomware. This exploitation, centered around the CVE-2023-22518 vulnerability, has exposed serious weaknesses in the Atlassian Confluence Data Center and Server, allowing malicious actors to…
Cybersecurity researchers from the Systems and Network Security Group (VUSec) at Vrije Universiteit Amsterdam have unveiled what they describe as the “first native Spectre v2 exploit” against the Linux kernel on Intel systems. This exploit, named Native Branch History Injection…
Google has unveiled a new feature called the V8 Sandbox in its Chrome web browser to address memory corruption issues, aiming to protect against vulnerabilities. “After almost three years since the initial design document and hundreds of CLs in the…
![HTTP2 Flaw Puts Web Servers at Risk of DoS Attacks [CVE-2024-27983]](https://cdn.sensorstechforum.com/wp-content/uploads/2024/04/HTTP2-Flaw-Puts-Web-Servers-at-Risk-of-DoS-Attacks-CVE-2024-27983-1024x585.jpg "HTTP/2 Flaw Puts Web Servers at Risk of DoS Attacks [CVE-2024-27983]")
A new research conducted by security expert Bartek Nowotarski has unearthed a potential vulnerability in the HTTP/2 protocol. Known as the CONTINUATION Flood, this exploit allows attackers to conduct denial-of-service (DoS) attacks by flooding a server with CONTINUATION frames. The…
A recent analysis has revealed that the malicious code embedded in the widely-used open-source library XZ Utils (present in multiple Linux distros) can enable remote code execution. The attack scenario is based on the critical CVE-2024-3094 vulnerability. CVE-2024-3094 Explained This…
In response to a class action lawsuit filed in 2020, Google has opted to settle by agreeing to delete billions of data records concerning users’ browsing activities. The lawsuit alleged that Google tracked users without their consent while using the…
In a startling development, gamers playing “Call of Duty” have fallen victim to a sophisticated cyber attack aimed at draining Bitcoin wallets. The attack, orchestrated through third-party cheat software, has sent shockwaves through the gaming community, raising concerns about the…
A recently identified vulnerability affecting the “wall” command in the util-linux package has raised concerns among Linux users. Assigned CVE-2024-28085 and named WallEscape by security researcher Skyler Ferrante, the flaw allows unprivileged users to manipulate terminal output, potentially leaking passwords…
A recently patched security vulnerability in Microsoft Edge could have allowed malicious actors to stealthily install arbitrary extensions on users’ systems, potentially leading to harmful actions. CVE-2024-21388 Explained Discovered by Guardio Labs security researcher Oleg Zaytsev and tracked as CVE-2024-21388,…
The Oligo research team recently uncovered an ongoing attack campaign, dubbed ShadowRay, targeting a vulnerability in Ray, a widely utilized open-source AI framework. This vulnerability, currently unresolved and lacking a patch, poses a critical threat to thousands of companies and…
Researchers unearthed a significant vulnerability lurking within Apple’s M-1 and M-2 chips, potentially exposing a chink in the armor of the tech giant’s acclaimed security infrastructure. Dubbed “GoFetch,” this exploit targets the microarchitecture of Apple’s chips, exploiting a flaw that…
A newly identified denial-of-service attack, named Loop DoS, is causing concerns among cybersecurity experts. This sophisticated attack targets application layer protocols and can lead to large-scale traffic disruptions by creating indefinite communication loops between network services. Researchers at the CISPA…
