North Korean hacking collective Lazarus Group has exploited a Windows Ancillary Function Driver for WinSock zero-day vulnerability, tracked as CVE-2024-38193, to facilitate stealthy system compromise with the FUDModule rootkit.
The Cybersecurity and Infrastructure Security Agency has warned organizations about ongoing intrusions targeting SolarWinds Web Help Desk instances vulnerable to the critical Java deserialization flaw tracked as CVE-2024-28986.
Information leaked by the misconfigured database included not only individuals' names, birthdates, addresses, and phone numbers, but also their credit amounts, places of payments, and credit utilization data, reported the Cybernews research team.
This week, we discuss a marketing campaign that caught Darwin's eye at the Black Hat expo: patchless patching. Then, Darwin recounts his experiences at the Innovators and Investors Summit. We discuss the potential impact of a critical Windows vulnerability that supposedly allows RCE via IPv6 packets! Microsoft continues to stumble, deepening trust ...