Author: We Fix PC

SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now “potentially” exploited in attacks, urging admins to apply patches as soon as possible. “This vulnerability is potentially being exploited in the wild. Please apply the patch as soon as possible for affected products. The latest patch builds are available […]

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. OFBiz is a suite of customer relationship management (CRM) and enterprise resource planning (ERP) business applications that can also be used as a Java-based web framework […]

Image: MidjourneyThe United States and its allies have linked a group of Russian hackers (tracked as Cadet Blizzard and Ember Bear) behind global critical infrastructure attacks to Unit 29155 of Russia’s Main Directorate of the General Staff of the Armed Forces (also known as GRU). In a joint advisory published today, the Russian GRU military […]

Yet, another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites. The flaw, tracked as CVE-2024-44000 and categorized as an unauthenticated account takeover issue, was discovered by Patchstack’s Rafie Muhammad on August 22, 2024. A fix was made available yesterday with the […]

Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. The most severe of the problems addressed is CVE-2024-40711, a critical (CVSS v3.1 score: 9.8) remote code execution (RCE) vulnerability on […]

Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. The operation, discovered by Veriti Research, constitutes a characteristic example of the blurred lines between being a predator or prey in the world of cybercrime, where ironic twists […]

​American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang. Headquartered in Chandler, Arizona, the chipmaker has around 123,000 customers from multiple industry sectors, including industrial, automotive, consumer, aerospace and defense, communications, and computing markets. On August […]

The MacroPack framework, initially designed for Red Team exercises, is being abused by threat actors to deploy malicious payloads, including Havoc, Brute Ratel, and PhatomCore. Security researchers at Cisco Talos have analyzed malicious document submissions on VirusTotal from various countries, including the United States, Russia, China, and Pakistan. These documents varied in their lures, sophistication, and infection […]