Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Cybersecurity researchers have disclosed three security flaws in Planet Technology’s WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. “These switches are widely used in building and home automation systems for a variety of networking applications,” Claroty’s Tomer Goldschmidt said in a Thursday report. “An attacker who is…

Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action

Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action

The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up with it all can feel like trying to juggle chainsaws while riding a unicycle. Traditional trust management? Forget it. It’s simply not built for today’s…

Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes

Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes

Cybersecurity researchers have alerted to a new malvertising campaign that’s targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. “The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages,” Jérôme Segura, senior…

|

Drupal CMS Guide Update: The Challenge of Documenting a Fast-Moving Open Source Product

Monday, Jan. 13th – 2 days before the Drupal CMS product launch I sat down at my desk this morning with the intent of working on creating screenshots for the documentation related to finding and installing recipes using the Drupal CMS UI. These images will accompany text that was written about a month ago, and…

Event Promotion: 10 Tactics We Used to Sell Out a 500-Person Conference
|

Event Promotion: 10 Tactics We Used to Sell Out a 500-Person Conference

Last year, we ran Ahrefs Evolve: a sold-out, 2-day, 500-person conference at Pan Pacific Orchard in Singapore. I interviewed Shermin Lim, our events marketer, to find out how we marketed the conference and sold out all our tickets. Here’s everything we did to promote the conference. You can use these same strategies (or be inspired…

Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it’s currently responding to “multiple incidents” involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in unauthenticated…

Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation

Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation

Microsoft has revealed that it’s pursuing legal action against a “foreign-based threat–actor group” for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content. The tech giant’s Digital Crimes Unit (DCU) said it has observed the threat actors “develop sophisticated software…

DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering

DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering

The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating the cryptocurrency mixing services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were arrested on December 1, 2024, in coordination with the Netherlands’ Financial Intelligence and Investigative Service, Finland’s National Bureau of Investigation, and the…

Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers

Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers

Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. “Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as…

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious….