Attacks by the first threat actor involved abuse of the flaw to deploy the XMRig miner while the second threat actor leveraged a shell script to facilitate miner delivery across a targeted environment's accessible endpoints.
Included in the exposed dataset labeled "PDL" were individuals' full names, email addresses, phone numbers, location data, professional summaries, and skills, as well as education and employment histories.
Attackers could leverage the issue — which impacts Nexus 3000, 7000, and 9000 series switches with vulnerable NX-OS versions with DHCPv6 activated and are in standalone NX-OS mode — to facilitate continuous crashes of the dhcp_snoop process and a denial-of-service condition.
Vulnerabilities are the ‘front doors’ for attackers to infiltrate our systems and a key process organizations must get right into order to protect our systems and information assets. Join us as we discuss vulnerability management, identification of assets, prioritization, threat intelligence, leveraging tools, desired vulnerability product features...
Implementing security best practices for VMware ESXi environments is critical for defending against cyber threats. This article outlines ten essential strategies, including patch management, account isolation, and secure boot, to strengthen your ESXi infrastructure.
Attackers could exploit the issue — which affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 firewalls with SonicOS 7.0.1-5035 and older iterations — to achieve "unauthorized resource access and in specific conditions, causing the firewall to crash."
Open-source GPS tracking server Traccar has been impacted with a high-severity path traversal vulnerability, tracked as CVE-2024-24809, and a critical unrestricted file upload flaw, tracked as CVE-2024-31214, which could be leveraged to facilitate remote code execution without authorization.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.