A Fortinet zero-day tracked as CVE-2024-47575 and named FortiJump has been exploited since at least June 2024.
The post New Fortinet Zero-Day Exploited for Months Before Patch appeared first on SecurityWeek.
Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA
Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them.
When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, issues a cybersecurity warning and prescribes specific action, it’s a pretty good idea to at least read the
When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, issues a cybersecurity warning and prescribes specific action, it’s a pretty good idea to at least read the
Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements
The Penn State university has agreed to pay $1.25 million to settle alleged failure to meet cybersecurity requirements for DoD and NASA contracts.
The post Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements appeared first on SecurityWeek.
New Scoring System Helps Secure the Open Source AI Model Supply Chain
AI models from Hugging Face can contain similar hidden problems to OSS downloads from repositories such as GitHub.
The post New Scoring System Helps Secure the Open Source AI Model Supply Chain appeared first on SecurityWeek.
Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices
The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw in Google Chrome to seize control of infected devices.
Cybersecurity vendor Kaspersky said it discovered a novel attack chain in May 2024 that targeted the personal computer of an unnamed Russian national with the Manuscrypt backdoor.
This entails triggering the
Cybersecurity vendor Kaspersky said it discovered a novel attack chain in May 2024 that targeted the personal computer of an unnamed Russian national with the Manuscrypt backdoor.
This entails triggering the
Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign
Cisco has released patches for multiple vulnerabilities in ASA, FMC, and FTD products, including an exploited flaw.
The post Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign appeared first on SecurityWeek.
Samsung Galaxy S24 Hacked at Pwn2Own Ireland 2024
Over $350,000 was paid out on day 2 of Pwn2Own Ireland 2024, including $50,000 for an exploit targeting the Samsung Galaxy S24.
The post Samsung Galaxy S24 Hacked at Pwn2Own Ireland 2024 appeared first on SecurityWeek.
Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation
Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild.
Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol.
“A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may
Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol.
“A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may
Mandiant says new Fortinet flaw has been exploited since June
A new Fortinet FortiManager flaw dubbed “FortiJump” and tracked as CVE-2024-47575 has been exploited since June 2024 in zero-day attacks on over 50 servers, according to a new report by Mandiant. […]
Fortinet Confirms Zero-Day Exploit Targeting FortiManager Systems
Fortinet confirms zero-day exploits hitting remote code execution bug in the FortiManager platform. CVSS severity score 9.8/10.
The post Fortinet Confirms Zero-Day Exploit Targeting FortiManager Systems appeared first on SecurityWeek.