Data within the unsecured database included military personnel and their supporters' full names, images, mailing addresses, locations, Social Security numbers, and National Insurance numbers, according to a report by cybersecurity researcher Jeremy Fowler published on vpnMentor.
MITRE has regarded cross-site scripting flaws as the most common and severe software vulnerabilities this year, followed by out-of-bounds write, SQL injection, cross-site request forgery, and path traversal issues.
After implementing server updates, threat actors proceeded to download and execute the FFmpeg tool from MediaFire to capture live sports events from the Qatari beIN Sports network, which were then redirected to the attacker-controlled stream[.]tv server.
BleepingComputer reports that Ukrainian organizations have been subjected to suspected Russian cyberattacks involving the newly fixed Windows NTLM Hash Disclosure spoofing flaw, tracked as CVE-2024-43451, since June.
Game developer and ethical hacker Sean Kahler discovered extensive account exposure by a misconfigured API through a privileged access token for a developer testing environment, obtained following the identification of hardcoded credentials in a game's executable.