Security
Headlines
HeadlinesLatestCVEs

Latest News

African Law Enforcement Nabs 1,000+ Cybercrime Suspects

Authorities across 19 African countries also dismantled their infrastructure and networks, thanks to cooperation between global law enforcement and private firms.

DARKReading
Open in Source
#vulnerability#web#redis#git#intel#auth
NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions

The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America. The effort, codenamed Operation Destabilise, has resulted in the arrest of 84 suspects linked to two Russian-speaking networks

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-51378 (CVSS score: 10.0) - An incorrect default permissions

Confidential cluster: Running Red Hat OpenShift clusters on confidential nodes

This is the first of a series of articles in which we will share how confidential computing (a set of hardware and software technologies designed to protect data in use) can be integrated into the Red Hat OpenShift cluster. Our goal is to enhance data security, so all data processed by workloads running on OpenShift can remain confidential at every stage.In this article, we will focus on the public cloud and examine how confidential computing with OpenShift can effectively address the trust issues associated with cloud environments. Confidential computing removes some of the barriers that high

CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat

Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say.

GHSA-mqvr-2rp8-j7h4: Spring LDAP data exposure vulnerability

A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820

GHSA-4fh7-m2wx-6wfm: Firepad allows insecure document access

Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

API Security in Open Banking: Balancing Innovation with Risk Management

Any technological innovation comes with security risks, and open banking is no exception. Open banking relies on APIs…