Cisco has patched a command-line injection flaw in its network management platform used to manage switches in data centers. The bug (CVE-2024-20399) allows authenticated attackers to execute arbitrary commands as root on the underlying operating system of an affected device. It affects Cisco Nexus series switches and some other products. The vulnerability is due to…
The US Supreme Court’s decision in Loper Bright Enterprises v. Raimondo could significantly impact federal cybersecurity regulations by shifting regulatory approval from agencies to the courts. This ruling may lead to a wave of lawsuits that could ultimately gut the Biden administration’s recent cyber incident reporting requirements and other regulations. The court’s decision reverses nearly…
Executives are prime targets for hackers using pretexting, a social engineering technique that builds trust with a fabricated story or narrative. This approach is more effective than traditional phishing as it establishes rapport between the attacker and executive. Pretexting involves creating a false connection with executives, such as pretending to be an old acquaintance or…
A critical flaw has been found in PTC’s servers, allowing unauthorized remote access to affected systems. The vulnerability, tracked as CVE-2024-6071, was given a CVSS score of 10, the highest possible rating. The issue affects Creo Elements/Direct License Servers and is advised to be updated immediately. Read more
A newly discovered Eastern European threat actor is using a unique approach to deploy malware on infected systems. The “Unfirling Hemlock” campaign involves dropping up to 10 different malware files at once, making it a novel and complex attack vector. This cluster bomb-like tactic allows the attacker to deploy multiple types of malware without being…