Tag: vulnerability
-
Fortinet discloses critical zero-day flaw in FortiManager
by
in SecurityNewsAccording to Fortinet, the FortiManager vulnerability ‘may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366614476/Fortinet-discloses-critical-zero-day-flaw-in-FortiManager
-
MSSP Market Update: Google’s AI Boost Identifies 26 New Vulnerabilities in Open-Source Projects
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-googles-ai-boost-identifies-26-new-vulnerabilities-in-open-source-projects
-
Google’s AI-powered fuzzing tool discovers 26 new vulnerabilities
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/googles-ai-powered-fuzzing-tool-discovers-26-new-vulnerabilities
-
Over Half of Top Routinely Exploited Vulnerabilities in 2023 Affected Network Devices and Infrastructure
by
in SecurityNewsOver half of the most routinely exploited vulnerabilities worldwide in 2023 affected network devices and infrastructure, according to a cybersecurity advisory issued by CISA and other international cybersecurity agencies in November, 2024. Furthermore, the majority of the routinely exploited vulnerabilities were “initially exploited as a zero-day” which was a change from 2022, when the majority……
-
Leaky Cybersecurity Holes Put Water Systems at Risk
by
in SecurityNewsAt least 97 major water systems in the US have serious cybersecurity vulnerabilities and compliance issues, raising concerns that cyberattacks could disrupt businesses, industry, and the lives of millions of citizens. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/leaky-cybersecurity-holes-water-systems-risk
-
Operation Lunar Peek: More Than 2,000 Palo Alto Network Firewalls Hacked
by
in SecurityNewsThe Shadowserver Foundation reports over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012… First seen on hackread.com Jump to article: hackread.com/operation-lunar-peek-palo-alto-firewalls-hacked/
-
Zero Days Top Cybersecurity Agencies’ Most-Exploited List
by
in SecurityNewsCybersecurity Officials Urge to Prioritize Fixing These 15 Most-Exploited Flaws. Which vulnerabilities need fixing first to best block nation-state and other hacking attempts? Enter the latest Five Eyes intelligence partnership list of the 15 flaws most targeted by attackers, of which 11 were zero-days. Many organizations have yet to patch them all. First seen on…
-
Google AI Tool Finds 26 Bugs in Open-Source Projects
by
in SecurityNewsOne Vulnerability Had Been Undiscovered for Two Decades, Researchers Said. Google researchers used an AI-powered fuzzing tool to identify 26 vulnerabilities in open-source code repositories, some of which had been lurking undiscovered for several decades. Each was found with AI, using AI-generated and enhanced fuzz targets, Google said. First seen on govinfosecurity.com Jump to article:…
-
China’s DeepSeek Aims to Rival OpenAI’s ‘Reasoning’ Model
by
in SecurityNewsDeepSeek-R1 Struggles with Logic Tests and Is Vulnerable to Jailbreaks. Chinese artificial intelligence research company DeepSeek, funded by quantitative trading firms, introduced what it says is one of the first reasoning models to rival OpenAI o1. Reasoning models engage in self-fact checking and perform multi-step reasoning tasks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinas-deepseek-aims-to-rival-openais-reasoning-model-a-26883
-
Schlimmsten-Liste: CISA veröffentlicht die Top 25 Softwarelücken des Jahres
by
in SecurityNewsDie US-Behörde CISA und Mitre haben die Top 25 der gefährlichsten Software-Schwachstellen des Jahres 2024 veröffentlicht. First seen on heise.de Jump to article: www.heise.de/news/Software-Schwachstellen-CISA-veroeffentlicht-die-Top-25-des-Jahres-2024-10107064.html
-
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
by
in SecurityNews
Tags: access, advisory, ai, application-security, attack, backup, best-practice, breach, cisa, cloud, computer, cve, cyber, cyberattack, cybercrime, cybersecurity, data, exploit, extortion, firewall, framework, governance, government, group, guide, Hardware, incident, incident response, infrastructure, injection, intelligence, Internet, LLM, malicious, microsoft, mitigation, mitre, monitoring, network, nist, office, open-source, powershell, privacy, ransomware, regulation, risk, risk-management, russia, service, skills, software, sql, strategy, supply-chain, tactics, technology, theft, threat, tool, update, vulnerability, vulnerability-management, windowsDon’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
-
Software-Schwachstellen: CISA veröffentlicht die Top 25 des Jahres 2024
by
in SecurityNewsDie US-Behörde CISA und Mitre haben die Top 25 der gefährlichsten Software-Schwachstellen des Jahres 2024 veröffentlicht. First seen on heise.de Jump to article: www.heise.de/news/Software-Schwachstellen-CISA-veroeffentlicht-die-Top-25-des-Jahres-2024-10107064.html
-
Russian TAG-110 Hacked 60+ Users With HTML Loaded Python Backdoor
by
in SecurityNewsThe Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central Asia, East Asia, and Europe by deploying custom malware, HATVIBE and CHERRYSPY, to compromise government entities, human rights groups, and educational institutions. Initial access is typically gained through phishing or exploiting vulnerable web services, as the campaign’s goal is to…
-
Mobilize Like Your Organization Depended On It
by
in SecurityNewsExplore how seamless integration, automation, and collaboration drive effective vulnerability remediation to protect your organization in real-time. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/mobilize-like-your-organization-depended-on-it/
-
Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations
by
in SecurityNewsEarth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India, Taiwan, and Japan, leveraging spear-phishing and exploiting vulnerabilities in public-facing applications like SSL-VPN and file storage services. The group has deployed various backdoors, including Cobalt Strike, LODEINFO, and the newly discovered NOOPDOOR, to maintain persistent access to compromised networks, which…
-
In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit
by
in SecurityNewsNoteworthy stories that might have slipped under the radar: Nvidia fixes vulnerability with rare ‘critical’ severity, Chinese APT’s first Linux backdoor, new details emerge from the WhatsApp-NSO lawsuit. The post In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit appeared first on SecurityWeek. First seen on securityweek.com Jump to…
-
U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: apple, cisa, cve, cybersecurity, exploit, infrastructure, kev, oracle, update, vulnerability, zero-dayU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS,…
-
JFrog zeigt proaktive Schritte gegen Schwachstelle im userinfo-Segment
by
in SecurityNewsCVE-2024-10524 verdeutlicht eindrucksvoll die Risiken, die selbst in etablierten Softwareabhängigkeiten schlummern, und betont die Notwendigkeit gründlicher Sicherheitsprüfungen auch für vertrauenswürdige Tools. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-zeigt-proaktive-schritte-gegen-schwachstelle-im-userinfo-segment/a39040/
-
400,000 Systems Potentially Exposed to 2023’s Most Exploited Flaws
by
in SecurityNewsVulnCheck finds hundreds of thousands of internet-accessible hosts potentially vulnerable to 2023’s top frequently exploited flaws. The post 400,000 Systems Potentially Exposed to 2023’s Most Exploited Flaws appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/400000-systems-potentially-exposed-to-2023s-most-exploited-flaws/
-
Programmiersprache Rust: AWS-Wettbewerb für mehr Sicherheit der Standard-Library
by
in SecurityNewsMittels Crowdsourcing will AWS die Standard-Library von Rust auf Schwachstellen und undefiniertes Verhalten untersuchen. First seen on heise.de Jump to article: www.heise.de/news/Amazon-Web-Services-gibt-Geld-fuer-mehr-Sicherheit-der-Standard-Library-von-Rust-10097801.html
-
CERT-In Flags Critical Vulnerabilities in Zoom: Update Your Apps Now
by
in SecurityNewsThe Indian Computer Emergency Response Team (CERT-In) has issued a detailed security advisory about multiple vulnerabilities found in the popular video conferencing application, Zoom. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cert-in-advisory-for-zoom-vulnerabilities/
-
MITRE Unveils Top 25 Most Critical Software Flaws
by
in SecurityNewsThe 25 most dangerous software weaknesses between June 2023 and June 2024 are responsible for almost 32,000 vulnerabilities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mitre-unveils-top-25-software-flaws/
-
SentinelOne AI-SPM detects misconfigurations and vulnerabilities in AI applications
by
in SecurityNewsSentinelOne announced new AI security posture management (AI-SPM) capabilities to protect and secure the use of AI services in the workplace. Built on SentinelOne’s … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/22/sentinelone-ai-spm/
-
145,000 ICS Systems, Thousands of HMIs Exposed to Cyber Attacks
by
in SecurityNewsCritical infrastructure, the lifeblood of modern society, is under increasing threat as a new report from Censys reveals that over 145,000 industrial control system (ICS) devices are exposed to the internet. Among these, thousands of human-machine interfaces (HMIs), which allow operators to control critical systems, remain unsecured, leaving them vulnerable to exploitation by […] The…
-
Sicherheitsrisiko: D-Link rät zur Entsorgung einiger Routermodelle
by
in SecurityNewsÜber eine Schwachstelle können Angreifer Schadcode ausführen. Bestimmte Router von D-Link bekommen aber kein Sicherheitsupdate mehr. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsrisiko-D-Link-raet-zur-Entsorgung-einiger-Routermodelle-10097743.html
-
More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days
by
in SecurityNewsThreat actors already hacked thousands of Palo Alto Networks firewalls exploiting recently patched zero-day vulnerabilities. Thousands of Palo Alto Networks firewalls have reportedly been compromised in attacks exploiting recently patched zero-day vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in PAN-OS. CVE-2024-0012is a vulnerability in Palo Alto Networks PAN-OS that allows unauthenticated attackers with network access to the management…
-
Destatis: Doch kein Datenleck? IDEV-Meldesystem wieder online
by
in SecurityNewsDas Statistische Bundesamt (Destatis) hat sein Meldesystem IDEV wieder online genommen. Die Plattform war nach Meldungen über einen Hack mit angeblich abgeflossenen Daten im Umfang von 3,8 GByte abgeschaltet worden. Eine Analyse habe aber laut Destatis keine Hinweise auf eine Schwachstelle oder … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/11/22/destatis-doch-kein-datenleck-idev-meldesystem-wieder-online/
-
Risiko durch veraltete Kurz-URL-Formate Day-Schwachstelle in GNU Wget
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/-cyberkriminelle-nutzen-sicherheitsluecke-gnu-wget-jfrog-untersucht-a-367f299da8293de7b06bf5a704b143d4/
-
Chinese Hackers Breached Deep Into US Telecom to Spy on Calls and Texts
by
in SecurityNewsIn a breach that lawmakers are calling the most serious in U.S. history, Chinese hackers infiltrated the nation’s telecommunications systems, gaining the ability to listen to phone conversations and read text messages by exploiting outdated equipment and vulnerabilities in network connections. The revelations come as investigators scramble to understand the full scope of the intrusion.…
-
FortiClient VPN Flaw Enables Undetected Brute-Force Attacks
by
in SecurityNewsA design flaw in the logging mechanism of Fortinet’s VPN servers has been uncovered, allowing attackers to conduct brute-force attacks without detection. This vulnerability, disclosed by cybersecurity researchers at Pentera, highlights a critical gap in Fortinet’s ability to log successful authentication attempts during brute-force attacks, leaving enterprises vulnerable to potential breaches. The issue lies in…