Search found 11 matches
- Wed Apr 17, 2024 6:54 am
- Forum: Known Exploited Vulnerability
- Topic: PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)
- Replies: 0
- Views: 23652
A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered.
CVE-2024-31497
“To be more precise, the first 9 bits of each ECDSA ...
- Wed Apr 10, 2024 6:40 am
- Forum: Known Exploited Vulnerability
- Topic: Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation
- Replies: 0
- Views: 9017
Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation
Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday.
Roughly 92,000 devices are vulnerable to the remote takeover exploits, which can be remotely transmitted by sending ...
- Sun Apr 07, 2024 8:20 am
- Forum: Known Exploited Vulnerability
- Topic: Cisco Warns of Vulnerability in Discontinued Small Business Routers
- Replies: 0
- Views: 8172
Cisco Warns of Vulnerability in Discontinued Small Business Routers
Cisco has issued a warning about a cross-site scripting (XSS) vulnerability in end-of-life (EoL) RV series small business routers.
Tracked as CVE-2024-20362 and remotely exploitable without authentication, the flaw impacts the small business RV016, RV042, RV042G, RV082, RV320, and RV325 routers ...
- Tue Apr 02, 2024 10:12 am
- Forum: Known Exploited Vulnerability
- Topic: AT&T Confirms 73M Customers Affected in Data Leak
- Replies: 0
- Views: 9029
AT&T Confirms 73M Customers Affected in Data Leak
AT&T denies any evidence of unauthorized access but admits that a data set released on the Dark Web including Social Security numbers and other sensitive information on tens of millions of customers is genuine.
Two weeks after a massive tranche of data, including purported sensitive information on ...
- Wed Mar 20, 2024 12:36 pm
- Forum: Known Exploited Vulnerability
- Topic: API environments becoming hotspots for exploitation
- Replies: 0
- Views: 9381
API environments becoming hotspots for exploitation
A total of 29% of web attacks targeted APIs over 12 months (January through December 2023), indicating that APIs are a focus area for cybercriminals, according to Akamai.
APIs risk exposure
API integration amplifies risk exposure for enterprises
APIs are at the heart of digital transformation in ...
- Wed Mar 13, 2024 7:56 am
- Forum: Known Exploited Vulnerability
- Topic: March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V
- Replies: 0
- Views: 26275
March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V
Last month, though, several days after Patch Tuesday, the company updated two advisories to say that those particular vulnerabilities were being exploited in the wild.
One of the two – CVE-2024-21338, an elevation of privilege vulnerability affecting the Windows Kernel – had been reported to ...
- Wed Feb 21, 2024 8:06 am
- Forum: Known Exploited Vulnerability
- Topic: Rhysida ransomware cracked! Free decryption tool released
- Replies: 0
- Views: 111923
Rhysida ransomware cracked! Free decryption tool released
Good news for organisations who have fallen victim to the notorious Rhysida ransomware.
A group of South Korean security researchers have uncovered a vulnerability in the infamous ransomware. This vulnerability provides a way for encrypted files to be unscrambled.
Researchers from Kookmin ...
- Sun Feb 04, 2024 7:05 am
- Forum: Known Exploited Vulnerability
- Topic: Cloudflare Falls Victim to Cyberattack Leveraging Credentials from Okta Breach
- Replies: 0
- Views: 82871
Cloudflare Falls Victim to Cyberattack Leveraging Credentials from Okta Breach
Cloudflare disclosed a security breach today, revealing that a suspected nation-state attacker infiltrated its internal Atlassian server.
The attack, which began on November 14, compromised Cloudflare’s Confluence wiki, Jira bug database, and Bitbucket source code management system.
How did ...
- Sun Feb 04, 2024 6:59 am
- Forum: Known Exploited Vulnerability
- Topic: CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers
- Replies: 0
- Views: 225350
CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers
CISA and the Federal Bureau of Investigation (FBI) published guidance on Security Design Improvements for SOHO Device Manufacturers as a part of the new Secure by Design (SbD) Alert series that focuses on how manufacturers should shift the burden of security away from customers by integrating ...
- Wed Jan 17, 2024 8:48 am
- Forum: Known Exploited Vulnerability
- Topic: Critical flaw found in WordPress plugin used on over 300,000 websites
- Replies: 0
- Views: 28783
Critical flaw found in WordPress plugin used on over 300,000 websites
A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control.
Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin.
The first flaw made it possible for attackers to reset the plugin's ...