Recent Security News
-
Cisco Patches Critical Vulnerability in Unity Connection Product
January 11, 2024 at 09:21AM Cisco announced patches for a critical vulnerability (CVE-2024-20272) in Unity Connection, enabling remote exploitation without authentication. Versions 12.5.1.19017-4 and 14.0.1.14006-5 resolve this. Additionally, a medium-severity flaw (CVE-2024-20287) in the WAP371 access point’s discontinued model has a released exploit code. Cisco advises migration to Business 240AC AP and announced patches for…
-
Mandiant Details How Its X Account Was Hacked
January 11, 2024 at 09:21AM Mandiant’s social media account on platform X was hacked, resulting in a cryptocurrency theft campaign generating over $900,000 for cybercriminals. The attack involved promoting a fake website. The company’s investigation revealed a compromised password attack, leading to changes in their security process. Mandiant detailed the ClinkSink campaign and identified numerous…
-
7 Lessons Learned From Designing a DEF CON CTF
January 11, 2024 at 09:19AM Capture the Flag (CTF) events offer an engaging and educational platform for cybersecurity professionals to enhance their hacking skills and gain practical knowledge. CTF design requires careful consideration of technical challenges, operational complexity, and the need for engaging storytelling. Lessons learned include the importance of software development approaches, operational rigor,…
-
New Developer Tools Necessary to Boost Passkey Adoption
January 11, 2024 at 09:19AM Passkeys, a password-less technology, utilize device-based authentication and public-key encryption. Though initially esoteric, they are gaining traction with major websites and identity ecosystems, supported by tech giants like Apple, Google, and Microsoft. The move towards mainstream adoption is underway, with a focus on developer adoption and tools to simplify implementation.…
-
About the security content of Magic Keyboard Firmware Update 2.0.6 – Apple Support
January 11, 2024 at 09:07AM A session management issue (CVE-2024-0230) impacting Bluetooth accessories was addressed with improved checks. The update, released on January 9, 2024, mitigates the risk of attackers extracting Bluetooth pairing keys and monitoring traffic. Affected products include various Magic Keyboards, with an available update to address the issue. Based on the meeting…