November 2024 – TheCyberThrone

INC Ransom claimed responsibility on Alder Hey Children’s Trust attack

On November 28, the ransomware group INC Ransom claimed to have compromised sensitive data from Alder Hey Children's NHS Foundation Trust in Liverpool, UK. They posted on their data leak…

PravinKarthik November 30, 2024

Zabbix tool affected by CVE-2024-42327

Zabbix, an open-source application monitoring tool, is warning its customers of a new critical vulnerability that could lead to full system compromise. The vulnerability tracked as CVE-2024-42327 with a CVSS…

PravinKarthik November 30, 2024

Exploring Microsoft AD CS bug CVE-2024-49019

Security researchers from TrustedSec have uncovered a critical zero-day vulnerability affecting Active Directory Certificate Services (AD CS) and were patched in Microsoft’s November Patch Tuesday, but its implications warrant closer…

PravinKarthik November 29, 2024

Zyxel Firewalls exploited using CVE-2024-11667

Zyxel has relased an advisory about a vulnerability thats active exploited in attempts by threat actors targeting their firewall products and detailed the required steps to safeguard from potential attacks…

PravinKarthik November 29, 2024

ProjectSend Exploited by Threat actors using CVE-2024-11680

ProjectSend, an open-source file-sharing web application, has been exploited by attackers using an improper authentication vulnerability since the start of 2024. Exploiting this vulnerability allows the attackers to enable unauthorized…

PravinKarthik November 29, 2024

Salt Typhoon Emergence and T-Mobile Cyber Incident

Salt Typhoon, a Chinese threat actor also known by aliases such as Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, has been conducting cyber-espionage activities against high-value government and telecommunications organizations for…

PravinKarthik November 28, 2024

Nvidia fixed CVE-2024-0130 in UFM Enterprise

NVIDIA has patched a high-severity vulnerability affecting its UFM Enterprise, UFM Appliance, and UFM CyberAI products. could allow an attacker to gain escalated privileges, tamper with data, deny service, and…

PravinKarthik November 28, 2024