F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface.
The acquisition will strengthen both Radiant Logic and Brainwave GRC’s respective market positions as identity, analytics, and intelligence experts by offering a new data-centric governance capability and identity data intelligence platform.
It was discovered on January 30, 2023, by monitoring an open-source ecosystem. The package was published on January 26, 2023, the same day as its author, ‘Trexon’, joined the repository.
Experts at Check Point Research laid bare the secrets of a shellcode-based packer, dubbed TrickGate, assisting threat actors in deploying a range of malware such as TrickBot, Emotet, FormBook, Cerber, AZORult, Agent Tesla, Maze, and REvil. The malware stayed under the hood for six years owing to its transformative nature of undergoing changes periodically.
The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country.
Researchers warn that many electric vehicle (EV) charging management systems are affected by vulnerabilities that could allow hackers to cause disruption, steal energy, or obtain driver information.
Trend Micro analyzed a cyberespionage campaign targeting organizations in the Middle East in December 2022 using a new backdoor. It abuses compromised email accounts to send stolen data to external mail accounts controlled by attackers.
A threat actor named InTheBox is promoting on Russian cybercrime forums an inventory of 1,894 web injects (overlays of phishing windows) for stealing credentials and sensitive data from banking, cryptocurrency exchange, and e-commerce apps.
About 98 percent of organizations have vendor relationships with at least one third-party that has experienced a breach in the last two years, according to SecurityScorecard and The Cyentia Institute.
CVE-2023-20076 was discovered by the researchers in a Cisco ISR 4431 router – more specifically, in the Cisco IOx application hosting environment, which allows admins to deploy application containers or virtual machines directly on Cisco devices.