Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

March 14, 2024 at 01:21AM Fortinet warns of a critical SQL injection flaw (CVE-2023-48788, CVSS 9.3) in FortiClientEMS, plus two other bugs in FortiOS and FortiProxy. Exploitation could result in unauthorized code execution. Upgrade affected versions as per the advisory. No active exploitation has been reported yet, but immediate patching is crucial given prior abuse of unpatched …

Hackers abuse Windows SmartScreen flaw to drop DarkGate malware

March 13, 2024 at 05:26PM The DarkGate malware campaign exploits a Windows Defender SmartScreen vulnerability that lets attackers install fake software installers without the usual SmartScreen warning. Microsoft fixed the flaw in mid-February, but DarkGate operators are still using it to infect targeted systems. The attack chain starts with malicious emails carrying PDF attachments, whose links use open redirects to bypass security checks. Once executed, the …
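The open-redirect step in the chain above is the part a mail gateway or PDF link scanner can flag before any SmartScreen bypass comes into play. The following is an added example, not code from the original article or from any vendor mentioned on this page: a small triage heuristic that flags a link when one of its query parameters carries an absolute (or protocol-relative) URL pointing at a different host than the link itself. The sample links, the hostnames and the function names are constructed for illustration and do not come from the reported campaign.

```python
"""Flag open-redirect style links of the kind used to launder malicious URLs.

Added example (not from the original article). Heuristic: a link is
suspicious when a query parameter value is itself a URL whose host differs
from the outer link's host. Such links show a trusted-looking domain while
the browser lands on an attacker-controlled host.
"""
from urllib.parse import urlparse, parse_qs, unquote


def find_embedded_urls(url):
    """Return URL-like values found inside the query parameters of `url`.

    Both absolute http(s) URLs and protocol-relative ones ("//host/path")
    are returned. parse_qs already percent-decodes once; the extra
    unquote() catches values that were encoded twice.
    """
    parsed = urlparse(url)
    found = []
    for values in parse_qs(parsed.query, keep_blank_values=True).values():
        for value in values:
            value = unquote(value)
            lowered = value.lower()
            if lowered.startswith(("http://", "https://", "//")):
                found.append(value)
    return found


def is_open_redirect(url):
    """True when `url` carries an embedded URL that targets another host."""
    outer_host = urlparse(url).hostname
    if not outer_host:
        return False
    for inner in find_embedded_urls(url):
        inner_host = urlparse(inner).hostname
        if inner_host and inner_host.lower() != outer_host.lower():
            return True
    return False


def triage(links):
    """Return the subset of `links` that look like open redirects."""
    return [link for link in links if is_open_redirect(link)]


# Constructed sample links (hypothetical hosts, not from a real campaign).
SAMPLE_LINKS = [
    # percent-encoded redirect to a different host: flagged
    "https://example-redirector.test/redirect?url=https%3A%2F%2Fevil.test%2Fsetup.msi",
    # relative "next" parameter, stays on the same site: not flagged
    "https://example.test/login?next=/dashboard",
    # embedded URL pointing back at the same host: not flagged
    "https://example.test/out?u=https://example.test/page",
    # protocol-relative redirect to another host: flagged
    "https://example.test/go?to=//evil.test/x",
]

if __name__ == "__main__":
    for link in triage(SAMPLE_LINKS):
        print("open redirect candidate:", link)
```

The heuristic only inspects query parameters; redirectors that take the target from the path or from a fragment need a separate rule, and a hit should be followed by resolving the final landing host in a sandbox rather than trusting the visible domain.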

Yacht Retailer MarineMax Files ‘Cyber Incident’ with SEC

March 13, 2024 at 04:59PM MarineMax disclosed a “cybersecurity incident” to the SEC, reporting that a third party gained unauthorized access to its information systems. Despite the disruption, the company stated the incident had not materially impacted its operations and that no sensitive data was compromised. The investigation is ongoing, and law enforcement has been notified. The company filed a …

Heated Seats? Advanced Telematics? Software-Defined Cars Drive Risk

March 13, 2024 at 04:01PM Automobile manufacturers are turning vehicles into next-gen application platforms with “software-defined” features. This enhances safety and adds capabilities such as remote disablement, but it also widens the attack surface. Risks include physical harm, vehicle theft, DDoS, and data privacy exposure. While security efforts are improving, manufacturers need to prioritize security controls, secure development processes, and …

Nissan Oceania Breached; 100K People Affected Down Under

March 13, 2024 at 03:32PM Nissan’s Oceania-region corporate and finance offices suffered a ransomware attack on Dec. 5 that compromised sensitive data of around 100,000 individuals in Australia and New Zealand. The exposed data includes government IDs and other personal information of Renault-Nissan-Mitsubishi Alliance customers. The nature of the attack and the perpetrators have not been disclosed, …

Fortinet warns of critical RCE bug in endpoint management software

March 13, 2024 at 02:48PM Fortinet patched a critical remote code execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) software, affecting versions 7.0 and 7.2. The company also fixed an out-of-bounds write weakness in the FortiOS and FortiProxy captive portal, as well as other high-severity flaws. A prior RCE bug was disclosed, potentially exploited …

PixPirate Android malware uses new tactic to hide on phones

March 13, 2024 at 02:19PM The latest PixPirate banking trojan for Android stays hidden on phones even after its dropper app is removed. It has no launcher icon and is built to remain concealed on recent Android versions. Using two apps, it steals information and targets the Brazilian instant payment platform Pix to initiate …

Poking holes in Google tech bagged bug hunters $10M

March 13, 2024 at 02:10PM Google paid $10 million to 632 bug hunters in 2023, slightly less than the previous year. The company introduced new reward categories and a Bonus Awards program. Top-paying categories included the Android VRP, and Wear OS was added to the bounty program. However, the effectiveness of bug bounties in making software …

LockBit Ransomware Affiliate Sentenced to Prison in Canada

March 13, 2024 at 12:51PM Russian-Canadian national Mikhail Vasiliev, 34, was sentenced to nearly four years in prison in Canada for his role in the LockBit ransomware operation. He targeted at least three organizations in Canada, seeking ransom payments. The US is also pursuing charges against him. LockBit, operating under a ransomware-as-a-service model, was a prolific operation until …

Pen test vendor rotation: do you need to change annually?

March 13, 2024 at 12:45PM Annual pen test vendor rotation aims to keep a fresh set of eyes on an organization’s security. While it can uncover missed vulnerabilities and foster healthy competition, drawbacks include a lack of consistency between engagements and high resource consumption. Penetration Testing as a Service (PTaaS) offers a more sustainable alternative, providing continuous testing and insights while streamlining vendor …