The CISA and the FBI recommended software developers to implement rigorous validation, sanitization, and input escaping to prevent malicious script injections and data manipulation.
Cybersecurity firm Huntress reported that attackers search for publicly accessible installations of Foundation software on the internet and then attempt to gain administrative access by trying combinations of default usernames and passwords.
Valid account abuse remains a top entry point for critical infrastructure attacks, with the CISA reporting that 2 in 5 successful intrusions last year were attributed to this method.
The vulnerability was related to the undocumented Salesforce Aura API and SOQL subqueries, allowing a blind SOQL injection attack to retrieve customer information, including personally identifiable information (PII).
Prosecutors allege that Chinese national Wu Song targeted US academics and engineers to obtain applications used in aerospace engineering and fluid dynamics, which could be used for developing missiles and weapons.
Two critical vulnerabilities, CVE-2024-8503 (SQL Injection) and CVE-2024-8504 (Privilege Escalation), have been uncovered in the VICIdial Contact Center Suite, posing a major risk for call centers globally.
Advanced phishing attacks are putting X accounts, formerly known as Twitter, at risk. Even with two-factor authentication in place, researchers at eSentire have found that account takeovers are still possible.
Learn about Pfizer’s Rotational Programs and Early Talent Opportunities through the stories of a Pfizer Digital colleague who recently completed one of these programs.
The US has imposed further sanctions on Intellexa, the maker of the Predator spyware, targeting individuals and entities associated with the company due to its opaque corporate structure designed to evade accountability.
This critical flaw, actively exploited in the wild, allows attackers to elevate privileges to SYSTEM level, posing a significant risk to organizations using Microsoft’s Hyper-V virtualization technology.