Attackers are exploiting a critical vulnerability in Aviatrix Controller to execute arbitrary code in AWS cloud environments.
The post Critical Aviatrix Controller Vulnerability Exploited Against Cloud Environments appeared first on SecurityWeek.
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect this sprawling attack surface in 2025.
What do identity risks, data security risks and third-party
Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions
The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit marketplace to have ever operated.
The figures, released by blockchain analytics firm Elliptic, show that monthly inflows have increased by 51% since July 2024.
Huione Guarantee, part
The figures, released by blockchain analytics firm Elliptic, show that monthly inflows have increased by 51% since July 2024.
Huione Guarantee, part
Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces
Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet.
“The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes,” cybersecurity firm
“The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes,” cybersecurity firm
Infostealer Infections Lead to Telefonica Ticketing System Breach
Infostealer malware allowed threat actors to compromise Telefonica employees’ credentials and access the company’s internal ticketing system.
The post Infostealer Infections Lead to Telefonica Ticketing System Breach appeared first on SecurityWeek.
CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability in question is CVE-2024-12686 (CVSS score: 6.6), a medium-severity bug that could
The vulnerability in question is CVE-2024-12686 (CVSS score: 6.6), a medium-severity bug that could
OneBlood confirms personal data stolen in July ransomware attack
Blood-donation not-for-profit OneBlood confirms that donors’ personal information was stolen in a ransomware attack last summer. […]
CISA orders agencies to patch BeyondTrust bug exploited in attacks
CISA tagged a vulnerability in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks, ordering agencies to secure their systems within three weeks. […]
Stolen Path of Exile 2 admin account used to hack player accounts
Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November. […]
AI Won’t Take This Job: Microsoft Says Human Ingenuity Crucial to Red-Teaming
Redmond’s AI Red Team says human involvement remains irreplaceable in addressing nuanced risks.
The post AI Won’t Take This Job: Microsoft Says Human Ingenuity Crucial to Red-Teaming appeared first on SecurityWeek.