Latest CyberSec News by @thecyberpicker

Ransomware remains the biggest threat, but old and misconfigured network devices are making it too easy

These are the tools of the trade Sophos detected in use by cybercriminals over 2024

A proper detection engineering program can help improve SOC operations. In this article we'll discuss potential SOC issues, the necessary components of a detection engineering program and some useful metrics for evaluating its efficiency.

Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution (RCE). CVE-2018-1207 . remote exploit for Hardware platform

Resecurity warns about the increase in targeted cyberattacks against enterprises in the energy sector worldwide.

DataDome warns that DYI bots are snapping up driving test places en masse

Smart Manager 8.27.0 - Post-Authenticated SQL Injection. CVE-2024-0566 . webapps exploit for PHP platform

WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection. CVE-2024-0399 . webapps exploit for Multiple platform

FLIR AX8 1.46.16 - Remote Command Injection. CVE-2022-37061 . webapps exploit for Hardware platform

Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database

Ethercreative Logs 3.0.3 - Path Traversal. CVE-2022-23409 . webapps exploit for Multiple platform

Ruckus IoT Controller 1.7.1.0 - Undocumented Backdoor Account. CVE-2021-33216 . local exploit for Hardware platform

ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE). CVE-2023-26602 . local exploit for Hardware platform

KodExplorer 4.52 - Open Redirect.. webapps exploit for PHP platform

Car Rental Project 1.0 - Remote Code Execution. CVE-2020-5509 . webapps exploit for PHP platform

ABB Cylon Aspect 4.00.00 (factorySaved.php) - Unauthenticated XSS.. hardware exploit for PHP platform

ABB Cylon Aspect 4.00.00 (factorySetSerialNum.php) - Remote Code Execution.. hardware exploit for PHP platform

Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database

phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames. CVE-2024-55889 . webapps exploit for PHP platform

ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php) - File Write DoS.. hardware exploit for PHP platform

Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass. CVE-2022-40684 . remote exploit for Windows platform

Garage Management System 1.0 (categoriesName) - Stored XSS. CVE-2022-41358 . webapps exploit for Multiple platform

WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page. CVE-2024-23733 . remote exploit for Windows platform

ProConf 6.0 - Insecure Direct Object Reference (IDOR). CVE-2018-16606 . webapps exploit for Multiple platform

Malware-laced SHOWJI phones shipped with fake WhatsApp, stealing $1.6M in crypto via address swaps.

MonServiceSécurisé, un service gratuit pour aider le secteur public à se mettre en conformité, a enregistré une augmentation de 100% de...-Cybersécurité

NagVis 1.9.33 - Arbitrary File Read. CVE-2022-46945 . webapps exploit for PHP platform

Zabbix 7.0.0 - SQL Injection. CVE-2024-42327 . webapps exploit for PHP platform

ABB Cylon Aspect 3.08.02 - Cross-Site Request Forgery (CSRF). CVE-2024-48846 . hardware exploit for Multiple platform

Hugging Face Transformers MobileViTV2 4.41.1 - Remote Code Execution (RCE). CVE-2024-11392 . remote exploit for Python platform