CISA and the FBI warned that Iranian APT group, Fox Kitten, has helped ransomware groups to attack US organizations since 2017
Monthly Archives: August 2024
‘Big-game hunting’ – Ransomware gangs are focusing on more lucrative attacks
2024 looks set to be the highest-grossing year yet for ransomware gangs, due – in no small part – to emboldened cybercriminals causing costly disruption at larger companies.
Read more in my article on the Exponential-e blog.
Crypto scammers who hacked McDonald’s Instagram account say they stole $700,000
Hackers who seized control of the official Instagram account of McDonald’s claim that they managed to steal US $700,000 from unsuspecting investors by promoting a fake cryptocurrency.
Read more in my article on the Hot for Security blog.
apr-1.7.5-1.fc41
FEDORA-2024-f831fe4030
Packages in this update:
apr-1.7.5-1.fc41
Update description:
Update APR to version 1.7.5.
IT Engineer Charged For Attempting to Extort Former Employer
A virtual machine specialist was arrested after a foiled data extortion plot targeting his former employer
ZDI-24-1183: Delta Electronics DTN Soft BIN File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTN Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8255.
ZDI-24-1184: Progress Software WS_FTP Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WS_FTP. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-7744.
ZDI-24-1185: Progress Software WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-6670.
ZDI-24-1186: Progress Software WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-6671.
ZDI-24-1187: Progress Software WhatsUp Gold getMonitorJoin SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-6672.