On September 18th, the Cybernews research team discovered two publicly hosted environment files (.env) attributed to New England Biolabs. Leaving environment files open to the public is one of the simplest mistakes that web admins can make, but it can have disastrous consequences. Despite leaving some of its sensitive credentials exposed, New England Biolabs seems […]
A former NSA employee has pleaded guilty to charges of attempting to transmit classified defense information to Russia. Jareh Sebastian Dalke (31), a former NSA employee has admitted to attempting to convey classified defense information to Russia, pleading guilty to the charges. The man pleaded guilty today to six counts of attempting to transmit classified […]
VMware is aware of the availability of a proof-of-concept (PoC) exploit code for an authentication bypass flaw in VMware Aria Operations for Logs. VMware warned customers of the availability of a proof-of-concept (PoC) exploit code for an authentication bypass vulnerability, tracked as CVE-2023-34051, in VMware Aria Operations for Logs (formerly known as vRealize Log Insight). The […]
1Password detected suspicious activity on its Okta instance after the recent compromise of the Okta support system. The password management and security application 1Password announced it had detected suspicious activity on its Okta instance on September 29, but excluded that user data was exposed. The activity is linked to the recent attack on the Okta […]
Hundreds of millions of PII records belonging to Indian residents, including Aadhaar cards, are being offered for sale on the Dark Web. PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web In early October, Resecurityâs HUNTER (HUMINT) unit identified hundreds of millions of personally identifiable information (PII) records […]
The Spanish police have arrested 34 members of the cybercriminal group that is accused of having stolen data of over four million individuals. The Spanish police have arrested 34 members of a cybercriminal group that is suspected to have stolen data of over four million individuals. The authorities conducted 16 searches in Madrid, MĂĄlaga, Huelva, […]
US CISA added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2023-20273 in Cisco IOS XE to its Known Exploited Vulnerabilities catalog. The vulnerability is an unspecified issue in the web user interface. An attacker can chain this flaw with CVE-2023-20198 to leverage the new […]
Cisco found a second IOS XE zero-day vulnerability, tracked as CVE-2023-20273, which is actively exploited in attacks in the wild. Cisco last week warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance […]
The City of Philadelphia discloses a data breach that resulted from a cyber attack that took place on May 24 and that compromised City email accounts. The City of Philadelphia announced it is investigating a data breach after attackers that threat actors broke some of City email accounts containing personal and protected health information. The […]
Researchers discovered three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product. Security researchers discovered three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product. SolarWinds Access Rights Manager (ARM) is a software solution developed by IT management and monitoring software provider SolarWinds, it was designed to help organizations […]