Recent Security News
-
Cyberattack Disrupts Production at Varta Battery Factories
February 15, 2024 at 10:51AM Germany’s Varta disclosed a cyberattack disrupted production at five plants, affecting IT systems and administrative processes. The extent of damage is uncertain, with a task force formed to restore normal operations and work with cyber security experts. Varta’s global presence and impact on battery production is highlighted. Suspicion of a…
-
Zoom stomps critical privilege escalation bug plus 6 other flaws
February 15, 2024 at 10:37AM Zoom has disclosed security vulnerabilities, including a critical privilege escalation flaw (CVE-2024-24691). It affects Windows versions of Zoom desktop client, VDI client, Rooms client, and Zoom Meeting SDKs. Other vulnerabilities were also patched, with impacts ranging from denial of service to information disclosure. Users are urged to update to the…
-
Over 13,000 Ivanti gateways vulnerable to actively exploited bugs
February 15, 2024 at 10:33AM Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple high to critical security issues. The flaws include authentication bypass, server-side-request forgery, arbitrary command execution, and command injection problems. Despite available security updates, a large number of endpoints are still exposed to these vulnerabilities, increasing the risk…
-
Three critical application security flaws scanners can’t detect
February 15, 2024 at 10:33AM Web application security is vital in today’s interconnected world, with 25% of breaches involving web application attacks. Automated vulnerability scanners, while important, have limitations in detecting logic flaws, incomplete coverage, and advanced attack techniques. Manual pen testing offers a more nuanced assessment, considering specific context and providing better risk communication.…
-
Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor
February 15, 2024 at 10:18AM Russian threat actor Turla has been using a new backdoor, TinyTurla-NG, in a campaign targeting Polish non-governmental organizations. The backdoor is similar to TinyTurla, used in previous intrusions. Turla, linked to the FSB, has also targeted the defense sector in Ukraine and Eastern Europe with a .NET-based backdoor called DeliveryCheck.…