'

Multiple data center vulnerabilities could cripple cloud services

Multiple data center vulnerabilities could cripple cloud services

Multiple vulnerabilities in data center infrastructure management systems/power distribution units have the potential to cripple popular cloud-based services. That’s according to new findings from the Trellix Advanced Research Center, which revealed four vulnerabilities in CyberPower’s Data Center Infrastructure Management (DCIM) platform and five vulnerabilities in Dataprobe’s iBoot Power Distribution Unit (PDU). The vulnerabilities could be … Read more

Police dismantled bulletproof hosting service provider Lolek Hosted

Police dismantled bulletproof hosting service provider Lolek Hosted

A joint operation conducted by European and U.S. law enforcement agencies dismantled the bulletproof hosting service provider Lolek Hosted. Lolek Hosted is a bulletproof hosting service provider used to facilitate the distribution of information-stealing malware, and also to launch DDoS (distributed denial of service) attacks, manage fictitious online shops, manage botnet servers and distribute spam messages … Read more

Python URL parsing function flaw can enable command execution

Python URL parsing function flaw can enable command execution

A severe vulnerability in the Python URL parsing function can be exploited to gain arbitrary file reads and command execution. Researchers warn of a high-severity security vulnerability, tracked as CVE-2023-24329 (CVSS score of 7.5), has been disclosed in the Python URL parsing function that could be exploited to bypass blocklisting methods. Successful exploitation of the vulnerability … Read more

UK govt contractor MPD FM leaks employee passport data

UK govt contractor MPD FM leaks employee passport data

UK govt contractor MPD FM left an open instance that exposed employee passports, visas, and other sensitive data MPD FM, a facility management and security company providing services to various UK government departments, left an open instance that exposed employee passports, visas, and other sensitive data. MPD FM boasts of being the UK’s leading “facility … Read more

Power Generator in South Africa hit with DroxiDat and Cobalt Strike

Power Generator in South Africa hit with DroxiDat and Cobalt Strike

Threat actors employed a new variant of the SystemBC malware, named DroxiDat, in attacks aimed at African critical infrastructure. Researchers from Kaspersky’s Global Research and Analysis Team (GReAT) reported that an unknown threat actor used a new variant of the SystemBC proxy malware, named DroxiDat, in an attack against a power generation company in southern Africa. SystemBC was … Read more