Microsoft announced on Friday that it has restored its cloud services following a global outage. The U.S. tech giant reported late Thursday that customers in the Central U.S. region experienced issues with multiple Azure services and the Microsoft 365 suite, affecting service management operations and connectivity. On Friday, …
Cloudways
Cisco Patches Severe Password Reset Flaw in SSM On-Prem License Servers
Cisco has released a patch to address a critical password vulnerability affecting several versions of its Smart Software Manager On-Prem (Cisco SSM On-Prem), which allows a subset of customers to manage product licenses using an on-premises server. The company provided limited details about the vulnerability, identified as CVE-2024-20419…
Cloudflare Reports Rapid Exploitation of Vulnerabilities Following Disclosure
By the time you read this, a zero-day CVE is likely being exploited. Researchers at Cloudflare have observed that newly disclosed vulnerabilities are under attack as quickly as 22 minutes after a proof of concept (POC) is released. Cloudflare reports that attackers are more active than ever, rapidly…
Urgent Patch Required for Apache HugeGraph Vulnerability Exploited in Attacks
Threat actors are actively exploiting a recently disclosed critical security flaw in Apache HugeGraph-Server, potentially leading to remote code execution attacks. Identified as CVE-2024-27348 (CVSS score: 9.8), this vulnerability affects all versions of the software before 1.3.0 and is described as a remote command execution flaw in the…
How PatchSuperstore.com Overcame DNS Challenges with DNS Made Easy on Cloudways
Q.1 – Let’ s start by getting to know you. Can you tell us a little about yourself and the story behind your business? I’ m Ian M, with over 20 years of experience in the promotional product industry. I specialize in Textiles, LEAN Manufacturing, Digital Printing, and Growth Hacking….
Chip Griffin on How Can New Agencies Identify and Capitalize on Their Niche Market?
Chip Griffin has over two decades of experience as an entrepreneur and agency owner. He specializes in helping agencies with fewer than 50 employees navigate challenges and seize opportunities. Through the Small Agency Growth Alliance, Chip brings together leaders of small PR, marketing, and digital agencies to learn…
CRYSTALRAY Hacker Expands to 1,500 Breached Systems with SSH-Snake Tool
A new threat actor known as CRYSTALRAY has significantly expanded its targeting scope with new tactics and exploits, now affecting over 1, 500 victims whose credentials were stolen and cryptominers deployed. Researchers at Sysdig have tracked this threat actor since February when they first reported the use of the…
PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks
Multiple threat actors are exploiting a newly disclosed security flaw in PHP to distribute remote access trojans, cryptocurrency miners, and DDoS botnets. The vulnerability, identified as CVE-2024-4577 (CVSS score: 9.8), allows attackers to execute malicious commands on Windows systems using Chinese and Japanese language locales. This flaw, publicly…
PHP Vulnerability Exploited for RCEs, Cryptominers, and DDoS Attacks
Shortly after a new PHP bug was disclosed in late spring, Akamai researchers detected numerous attempts to exploit the vulnerability, highlighting its high exploitability and rapid adoption by threat actors. Given that PHP is one of the most popular server-side scripting languages, used to create dynamic web pages…
Companies Urged to Upgrade Infrastructure for GenAI Readiness
Despite growing interest and enthusiasm for generative AI (GenAI), significant challenges threaten the success of such projects, new research claims. A report by Hitachi Vantara surveying IT and business leaders across the US, Canada, and Western Europe highlights infrastructure as a critical area needing attention as GenAI projects…
New OpenSSH Bug Exposes RHEL 9 and Derivatives to Vulnerability
A newly discovered signal handler race condition in the core sshd daemon used in RHEL 9.x and its various derivatives has been uncovered by Alexander Peslyak also known as Solar Designer, founder of Openwall. This flaw, identified as CVE-2024-6409, affects sshd daemon versions 8.7p1 and 8.8p1, which are…
Google Criticizes Microsoft’s ‘Anticompetitive’ Cloud Policies Despite Euro Settlement
Google has criticized Microsoft’ s confidential settlement with a group of European cloud providers, asserting that the tech giant is leveraging its financial resources to make complaints about software licensing costs disappear. This settlement, involving the Cloud Infrastructure Service Providers of Europe (CISPE), led to the withdrawal of a…
CloudSorcerer APT Group Exploits Cloud Services and GitHub for C2 Servers
A newly identified CloudSorcerer APT group has been exploiting popular cloud services and GitHub for command-and-control (C2) servers, leveraging the vast data and intellectual property stored on these platforms. According to cybersecurity analysts at Kaspersky Lab, the CloudSorcerer group has been active since May 2024, primarily targeting Russian…
New OpenSSH Flaw Puts Servers at Risk of Remote Code Execution
A recently discovered vulnerability in select versions of the OpenSSH secure networking suite poses a serious risk of remote code execution (RCE) on servers. This flaw, identified as CVE-2024-6409 with a CVSS score of 7.0, involves a race condition in signal handling within the privsep child process. The…
Hackers Exploit Vulnerability in Popular WordPress Calendar Plugin on 150,000 Sites
Hackers are actively targeting a critical vulnerability in the Modern Events Calendar WordPress plugin, used by over 150, 000 websites, to upload arbitrary files and execute code remotely. Developed by Webnus, the plugin helps users manage and organize events, including in-person, virtual, and hybrid formats. The vulnerability, tracked as…
AWS Ends Support for Older PHP Versions, Affecting Many Users
AWS is ending support for several older PHP runtimes, causing concern among a community still reliant on outdated versions of the scripting language. In a blog post, AWS software engineer Sean O’Brien announced that the AWS SDK will no longer support PHP 8.0.x starting January 13, 2025, as…
High Severity Vulnerability Discovered in WordPress Nested Pages Plugin
A high severity Cross Site Request Forgery (CSRF) vulnerability has been identified in the Nested Pages WordPress plugin, potentially affecting over 100, 000 installations. Both the U.S. National Vulnerability Database (NVD) and Wordfence have published advisories regarding this issue, which has received a Common Vulnerability Scoring System (CVSS) rating…
Robert Da Costa on 5 Ways AI Is/Will Be Impacting Agencies and How to Cope With It
With 18 years of coaching experience and a background in running a successful 25-person agency, Rob Da Costa helps agency owners achieve profitable, sustainable growth. As a seasoned agency coach and former marketing agency owner, Rob brings a wealth of knowledge to the table. Rob is the author…
Trojanized jQuery Packages Discovered in npm, GitHub, and jsDelivr Code Repositories
Unknown threat actors have been distributing trojanized versions of jQuery on npm, GitHub, and jsDelivr, marking a “ complex and persistent” supply chain attack. Phylum’ s recent analysis reveals that the attackers cleverly embedded malware within the seldom-used ‘ end’ function of jQuery, which is internally called by the popular ‘ fadeTo’ …
Shopify Denies Hack After Customer Data Leaked Online
A threat actor posted the details of nearly 180, 000 customers to a hacking forum last week, but Shopify points the finger at a third party. E-commerce giant Shopify has denied it has been hacked following the leak of nearly 180, 000 customer details on a popular clear web hacking…