The FortiSIEM product from Fortinet has been found to have two new critical vulnerabilities, CVE-2024-23108 and CVE-2024-23109, which allow for remote code execution by unauthenticated attackers.
While it is unclear whether a ransom was paid, the company stated that client transaction data was not accessed during the attack. The attack occurred amidst a major business deal, but experts predicted minimal disruption to EquiLend’s operations
The threat actors behind the campaign utilized multiple stages and techniques, including obfuscation and leveraging open platforms, to carry out the attack and steal sensitive information.
The malware is distributed through a multi-stage infection chain involving weaponized PDF files, internet shortcuts, and PowerShell loaders, with similarities to the previously disclosed Phemedrone Stealer.
Airbus Navblue Flysmart+ Manager had a vulnerability that allowed attackers to tamper with engine performance calculations and intercept data, posing a serious risk to flight safety.
The Pennsylvania Courts system has been hit by a cyberattack, taking down parts of its website. The Administrative Office of Pennsylvania Courts revealed via social media that the service had suffered a denial of service (DoS) attack.
The stolen data, including over two million unique email addresses, was put up for sale in Chinese-speaking hacking-themed Telegram groups, with the majority of the focus on India, Taiwan, Thailand, and Vietnam.
Latio Application Security Tester simplifies code scanning with OpenAI, offering easy code change submission and GitHub Actions templates. The tool’s future plans include support for non-OpenAI models, improved handling of large files, and more.
The scammers digitally recreated the company’s chief financial officer and other employees in a convincing video conference call to trick the victim into making money transfers.
The Windows SmartScreen vulnerability CVE-2023-36025 allows threat actors to bypass warnings and execute malicious payloads using crafted .url files, posing a significant security risk to Windows users.