Netgate pfSense firewall solution has multiple security vulnerabilities that could allow attackers to execute arbitrary commands on vulnerable devices, posing a significant risk to network security.
The OWASP Top Ten list for 2021 identifies major vulnerabilities in web application security, including broken authorization, broken authentication, improper access to resources, unrestricted access to sensitive business flows, and server-side request forgery.
ESET Research discovers a cluster of 116 malicious Python packages on PyPI that have been downloaded over 10,000 times since May 2023, designed to infect both Windows and Linux systems with a custom backdoor.
The hacker group GambleForce has been carrying out SQL injection attacks on organizations in the Asia Pacific region, exploiting vulnerabilities in website content management systems to gain unauthorized access to sensitive data.
The Iranian state-sponsored threat actor known as OilRig has deployed three new downloader malware, named ODAgent, OilCheck, and OilBooster, to maintain persistent access to victim organizations in Israel, utilizing legitimate cloud service APIs for command-and-control communication and data exfiltration.
Network penetration testing is crucial for protecting businesses against cyber threats, debunking misconceptions and implementing regular testing can enhance security measures and mitigate potential risks.
