Calenderweek 04 – WafdogBlog

Intrusion Alert: Suspected Kremlin-Linked Hackers Breach HPE’s Cloud Email Environment

Suspected hackers linked to the Kremlin are believed to have breached the cloud email infrastructure of technology giant Hewlett Packard Enterprise (HPE) to extract mailbox data. According to a regulatory filing with the U.S. Securities and Exchange Commission (SEC), HPE stated, “The threat actor accessed and extracted data starting from May 2023 from a small …

Intrusion Alert: Suspected Kremlin-Linked Hackers Breach HPE’s Cloud Email Environment Read More »

Jenkins Security Update: Patching Critical Vulnerabilities and Preventing Remote Code Execution

The maintainers of Jenkins, an open-source continuous integration/continuous delivery and deployment (CI/CD) automation software, have rectified nine security vulnerabilities, one of which was critical and could potentially lead to remote code execution (RCE) if exploited successfully. Identified as CVE-2024-23897, the critical flaw allows for arbitrary file read access via the built-in command line interface (CLI). …

Jenkins Security Update: Patching Critical Vulnerabilities and Preventing Remote Code Execution Read More »

Cisco Addresses Critical Security Vulnerability in Unified Communications and Contact Center Solutions

Cisco has issued patches to remedy a severe security vulnerability affecting its Unified Communications and Contact Center Solutions products. This flaw, identified as CVE-2024-20253 with a CVSS score of 9.9, arises from mishandling user-provided data, enabling a potential attacker to execute arbitrary code on a vulnerable device without authentication. The vulnerability originates from the improper …

Cisco Addresses Critical Security Vulnerability in Unified Communications and Contact Center Solutions Read More »

Outlook Vulnerability Exposes Passwords: Cybersecurity Threats and Protective Measures

In Microsoft’s email software Outlook, there appears to be a vulnerability that cybercriminals can exploit to capture passwords of other users. The targeted individual simply needs to open a calendar invitation attached to a specifically crafted email. Following this action, Outlook transfers the NTLMv2 hash of the user’s password to a system controlled by the …

Outlook Vulnerability Exposes Passwords: Cybersecurity Threats and Protective Measures Read More »

Microsoft Targeted by Cyberattack: Midnight Blizzard Strikes Again

The software giant Microsoft has apparently once again fallen victim to a cyberattack. According to a new blog post by the company, a hacker group supported by the Russian state called Midnight Blizzard, also known as Nobelium, Cozy Bear, or APT29, gained access to an “old, non-productive test tenant account” through a password spraying attack …

Microsoft Targeted by Cyberattack: Midnight Blizzard Strikes Again Read More »

SEC Reveals Further Details on X-Account Breach and SIM-Swapping Incident

After a malicious actor took over the X-account of the US Securities and Exchange Commission (SEC) two weeks ago to prematurely announce the expected Bitcoin ETF approval, the agency has now shared further information regarding this incident. According to a new statement from the regulatory body, the attackers managed to take control of the phone …

SEC Reveals Further Details on X-Account Breach and SIM-Swapping Incident Read More »