Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. […]
Microsoft issues urgent dev warning to update .NET installer link
Microsoft is forcing .NET developers to quickly update their apps and developer pipelines so they do not use ‘azureedge.net’ domains to install .NET components, as the domain will soon be unavailable due to the bankruptcy and imminent shutdown of CDN provider Edgio. […]
Palo Alto Networks Patches Firewall Zero-Day Exploited for DoS Attacks
Palo Alto Networks has patched CVE-2024-3393, a vulnerability that has been exploited for DoS attacks against the company’s firewalls.
The post Palo Alto Networks Patches Firewall Zero-Day Exploited for DoS Attacks appeared first on SecurityWeek.
Four-Faith Industrial Router Vulnerability Exploited in Attacks
Threat actors are exploiting a command injection vulnerability in Four-Faith industrial routers to deploy a reverse shell.
The post Four-Faith Industrial Router Vulnerability Exploited in Attacks appeared first on SecurityWeek.
New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
The United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients’ data against potential cyber attacks.
The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the
The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the
US Issues Final Rule for Protecting Personal Data Against Foreign Adversaries
The DoJ has issued a final rule addressing adversaries’ access to and exploitation of Americans’ bulk sensitive personal information.
The post US Issues Final Rule for Protecting Personal Data Against Foreign Adversaries appeared first on SecurityWeek.
Several Chrome Extensions Compromised in Supply Chain Attack
Cyberhaven and other Chrome extensions were compromised in a supply chain attack targeting Facebook advertising users.
The post Several Chrome Extensions Compromised in Supply Chain Attack appeared first on SecurityWeek.
Cisco Confirms Authenticity of Data After Second Leak
Cisco has confirmed that 4 Gb of data leaked by a hacker is authentic and related to a recently disclosed security incident.
The post Cisco Confirms Authenticity of Data After Second Leak appeared first on SecurityWeek.
When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions
News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure (LayerX, one of the companies involved in
AT&T and Verizon say networks secure after Salt Typhoon breach
AT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks. […]