It’s unclear if the new Oracle E-Business Suite flaw, which can be exploited remotely without authentication, has been used in the wild.
The post Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data appeared first on SecurityWeek.
Spanish Authorities Dismantle ‘GXC Team’ Crime-as-a-Service Operation
The authorities arrested GoogleXcoder, the alleged administrator of GXC Team, which offered phishing kits and Android malware.
The post Spanish Authorities Dismantle ‘GXC Team’ Crime-as-a-Service Operation appeared first on SecurityWeek.
Extortion Group Leaks Millions of Records From Salesforce Hacks
The data allegedly pertains to Albertsons, Engie Resources, Fujifilm, GAP, Qantas, and Vietnam Airlines.
The post Extortion Group Leaks Millions of Records From Salesforce Hacks appeared first on SecurityWeek.
In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware
Other noteworthy stories that might have slipped under the radar: US universities targeted by payroll pirates, Zimbra vulnerability exploited, Mic-E-Mouse attack.
The post In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware appeared first on SecurityWeek.
Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign
GreyNoise has discovered that attacks exploiting Cisco, Fortinet, and Palo Alto Networks vulnerabilities are launched from the same infrastructure.
The post Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign appeared first on SecurityWeek.
RondoDox Botnet Takes ‘Exploit Shotgun’ Approach
The botnet packs over 50 exploits targeting unpatched routers, DVRs, NVRs, CCTV systems, servers, and other network devices.
The post RondoDox Botnet Takes ‘Exploit Shotgun’ Approach appeared first on SecurityWeek.
Juniper Networks Patches Critical Junos Space Vulnerabilities
Patches were rolled out for more than 200 vulnerabilities in Junos Space and Junos Space Security Director, including nine critical-severity flaws.
The post Juniper Networks Patches Critical Junos Space Vulnerabilities appeared first on SecurityWeek.
ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities
The unpatched vulnerabilities allow attackers to execute arbitrary code remotely and escalate their privileges.
The post ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities appeared first on SecurityWeek.
Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date
Apple has announced significant updates to its bug bounty program, including new categories and target flags.
The post Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date appeared first on SecurityWeek.
Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks
Google researchers believe exploitation may have started as early as July 10 and the campaign hit dozens of organizations.
The post Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks appeared first on SecurityWeek.
