Multiple threat actors began exploiting a critical vulnerability in PHP within a day of its public disclosure last month and are moving quickly to infect systems with malware, according to a report by the Akamai Security Intelligence Response Team. Administrators are advised to patch immediately.
CISA is grappling with the aftereffects of a major hacking incident that allowed threat actors to exploit multiple gateways crucial to the U.S. cyber defense agency. Thomas Pace, CEO of NetRise, said, "The hardest problem to address is the breadth of what has been compromised."
More than 14 million servers may be affected by a regressed vulnerability in a remote server management and file transfer tool that can allow hackers to completely take over the affected systems. The flaw is an accidental repeat of a flaw patched in 2006.
Juniper Networks released an out-of-band fix for a maximum-severity vulnerability that can allow hackers to bypass authentication in three Juniper products. The CVSS 10-rated bug could allow an attacker to take full control of a compromised system.
Multiple critical vulnerabilities in Emerson Rosemount 370XA gas chromatographs could allow malicious actors to access sensitive data, cause denial-of-service conditions and execute arbitrary commands. Emerson recommends that end users update the firmware on the products.
Hackers jumped on a new flaw in Progress Software's MOVEit managed file transfer application just hours after maker Progress Software publicly disclosed the critical flaw, which allowsattackers to bypass authentication. Customers of the Massachusetts company are no strangers to emergency patching.
Hackers targeting a popular open-source project for running artificial intelligence tool Ollama could run into a big "Probllama" if they haven't yet patched, said security researchers from Wiz. Companies are focusing on AI's transformative power at the cost of its security.
Security researchers have discovered another major vulnerability in Ivanti's widely used endpoint management system that can allow hackers to gain remote access for multiple devices at the same time. This comes just months after the company patched a separate SQL injection flaw in the same product.
This week, feds counted cyber incidents; Ukraine made arrest; Black Basta seemed to exploit flaw; 51 flaws in Patch Tuesday; SolarWinds, JetBrains patched flaws; Alan Turning Institute debunked paper on AI; Santander wants password changes; Christie's spoke of data breach and cyber pros face burnout.
A ransomware operation with a history of exploiting widespread internet vulnerabilities lost little time in making use of a critical-severity vulnerability in scripting language PHP. The TellYouThePass ransomware group sees opportunity whenever system administrators must scramble to patch systems.
A critical remote code execution vulnerability in PHP for Windows, affecting all releases since version 5.x, requires immediate action from server administrators. The flaw enables attackers to execute arbitrary code on remote PHP servers through an argument injection attack.
U.S. federal authorities are alerting healthcare entities about critical vulnerabilities in two medical device products from manufacturer Baxter. Both flaws can be exploited remotely, potentially jeopardizing patient care. Some experts say such disclosures in general need more attention.
Networking solutions vendor Zyxel fixed critical vulnerabilities in end-of-life network-attached storage devices that allow remote code execution. It left two vulnerabilities allowing attacks by authenticated local attackers unpatched.
In the latest weekly update, ISMG editors discussed the current state of Secure Access Service Edge solutions in 2024, vulnerabilities in Apple's Wi-Fi-based positioning system, and the patient safety questions arising after a cyberattack hit a U.S. hospital.
Cyberattackers are actively exploiting a vulnerability in the NextGen Healthcare Mirth Connect product, an open-source data integration platform widely used by healthcare companies, said CISA in an alert Monday. The flaw, which allows remote code execution, has been known since October 2023.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.