Vulnerabilities
Malvertising and Google Ads: Protecting High Net-Worth Individuals and Executives
Do you use Google’s Search functionality to find products or services to solve a problem you have? I’m guessing that the majority of people reading this article do this regularly or have ...
‘Netfetcher’ package drops illicit ‘node’ binary on Windows
Recently identified PyPI packages called "netfetcher" and "pyfetcher" impersonate open source libraries and target Windows users with malicious executables that have a zero detection rate among leading antivirus engines. Furthermore, some of ...
Palo Alto Networks Shines Light on Application Services Security Challenge
An analysis published by Palo Alto Networks finds a typical large organization adds or updates over 300 services every month, with those new and updated services being responsible for approximately 32% of ...
The Zenbleed Vulnerability: How to Protect Your Zen 2 CPUs
The Zenbleed vulnerability exploits a flaw in the speculative execution mechanism of AMD Zen 2 CPUs. It affects the entire Zen 2 range, even extending to AMD’s EPYC data center chips. As ...
CVE-2024-38063: An In-Depth Look at the Critical Remote Code Execution Vulnerability
In a recent security advisory, Microsoft disclosed a high-severity vulnerability identified as CVE-2024-38063. This critical Remote Code Execution (RCE) flaw, rated with a CVSS score of 9.8, poses a significant...
Cato Networks Reports Spike in Attempts to Exploit Log4j Vulnerabilities
A report published today by Cato Networks finds that, three years after its discovery in 2021, there was a 61% increase in attempts to exploit Log4j vulnerabilities in inbound traffic and a 79% ...
Aqua Security Researchers Disclose Series of AWS Flaws
Aqua Security this week at the Black Hat USA 2024 conference revealed that it has discovered six vulnerabilities in the cloud services provided by Amazon Web Services (AWS) ...
Salt Security Extends Scope of API Security Platform
Salt Security this week extended its core platform to make it easier to discover and govern application programming interfaces (APIs) ...
Tenable Adds Ability to Prioritize Vulnerabilities by Threat Level
Tenable this week at the Black Hat USA 2024 conference added an ability to identify the vulnerabilities in an IT environment that should be remediated first based on the actual threat they ...
Ideal typosquat ‘solana-py’ steals your crypto wallet keys
The legitimate Solana Python API project is known as "solana-py" on GitHub, but simply "solana" on the Python software registry, PyPI. This slight naming discrepancy has been leveraged by a threat actor ...