Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. […]
QNAP warns of critical auth bypass flaw in its NAS devices
QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. […]
UnitedHealth brings some Change Healthcare pharmacy services back online
Optum’s Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. […]
Microsoft says Russian hackers breached its systems, accessed source code
Microsoft says the Russian ‘Midnight Blizzard’ hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January cyberattack. […]
Meta Details WhatsApp and Messenger Interoperability to Comply with EU’s DMA Regulations
Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union.
“This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with opted-in users of either Messenger or WhatsApp – both designated
“This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with opted-in users of either Messenger or WhatsApp – both designated
Secrets Sensei: Conquering Secrets Management Challenges
In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We’re all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let’s dispense with the pleasantries; this isn’t a simple ‘set it and forget it’ scenario. It’s
Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client
Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user.
The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF
The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF
QEMU Emulator Exploited as Tunneling Tool to Breach Company Network
Threat actors have been observed leveraging the QEMU open-source hardware emulator as tunneling software during a cyber attack targeting an unnamed “large company” to connect to their infrastructure.
While a number of legitimate tunneling tools like Chisel, FRP, ligolo, ngrok, and Plink have been used by adversaries to their advantage, the development marks the first QEMU that has been
While a number of legitimate tunneling tools like Chisel, FRP, ligolo, ngrok, and Plink have been used by adversaries to their advantage, the development marks the first QEMU that has been
CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers to an authentication bypass bug that allows for a complete
The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers to an authentication bypass bug that allows for a complete
CISA, NSA share best practices for securing cloud services
The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) have released five joint cybersecurity bulletins containing on best practices for securing a cloud environment. […]