Widely leveraged application delivery controller and load-balancing solution LoadMaster has been impacted by the OS command injection vulnerability, tracked as CVE-2024-1212, which could be abused to enable unauthenticated remote system access and arbitrary system command execution.
After implementing server updates, threat actors proceeded to download and execute the FFmpeg tool from MediaFire to capture Qatari beIN Sports network's live sports events, which are then redirected to the attacker-controlled stream[.]tv server.
More severe of the two issues — both of which have been discovered and reported by TZL security researchers during the Matrix Cup hacking competition in China — is the critical remote code execution flaw, tracked as CVE-2024-38812, which stems from a vCenter DCE/RPC protocol heap overflow issue.
Integration of a Fortinet plugin exploiting the yet-to-be-patched zero-day into its newest iteration has enabled DeepData to facilitate the identification and decryption of credentials and server details from VPN process memory-stored JSON objects, which are then exfiltrated by the DeepPost malware, according to a Volexity report.
The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new...
Malicious actors could leverage the vulnerability, which stems from improper user check error management in the two-factor REST API action, to facilitate high-privileged account breaches that could then be used for additional attacks, according to Defiant, a WordPress security provider.
