Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as CVE-2023-43208, the vulnerability has been addressed in version 4.4.1 released on October 6, 2023. “This is an easily exploitable, unauthenticated remote code execution vulnerability,” Horizon3.ai’s Naveen
Read More
The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. “IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a downloader for further payloads,” the PwC Threat Intelligence team said in
Read More
Google has announced that it’s expanding its Vulnerability Rewards Program (VRP) to compensate researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security. “Generative AI raises new and different concerns than traditional digital security, such as the potential for unfair bias, model manipulation or misinterpretations
Read More
European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the name Void Rabisu, which is also known as Storm-0978, Tropical Scorpius,
Read More
Our mission is to educate our customer base, build capacity in every country we operate in and make cyber security affordable to all