Port of Seattle hit by Rhysida ransomware in August attack

September 13, 2024 at 06:56PM The Port of Seattle, a US government agency, confirmed that the Rhysida ransomware operation was responsible for a recent cyberattack on its systems. This attack has affected the port and airport for the past three weeks. The Port of Seattle has confirmed … Read more

GitLab Updates Resolve Critical Pipeline Execution Vulnerability

September 13, 2024 at 05:03AM GitLab announced patches for 17 vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE) including a critical pipeline execution bug, CVE-2024-6678, with a CVSS score of 9.9. Successful exploitation could disrupt services and inject malicious code. The vulnerabilities affect versions 8.14 to 17.3.1, and patches are available in versions … Read more

Google Chrome gets a mind of its own for some security fixes

September 12, 2024 at 12:04PM Google has empowered Chrome’s Safety Check to take security decisions on the user’s behalf. This feature now automatically runs in the background, revoking unneeded permissions, canceling deceptive notifications, and notifying users about security issues. It also provides more control over website permissions and extensions, aiming to improve user safety and … Read more

GitLab warns of critical pipeline execution vulnerability

September 12, 2024 at 10:50AM GitLab has released critical updates to address multiple vulnerabilities, including the most severe, CVE-2024-6678, which allows an attacker to trigger pipelines as arbitrary users. The release encompasses versions 17.3.2, 17.2.5, and 17.1.7 for both CE and EE, and addresses a total of 18 security issues. GitLab urges immediate upgrading to the … Read more

Mind your header! There’s nothing refreshing about phishers’ latest tactic

September 12, 2024 at 05:24AM Palo Alto’s Unit 42 threat intel team warns of a rising tactic used by phishers to steal victims’ credentials. They identified over 2,000 large-scale phishing campaigns abusing HTTP header refresh entries to redirect visitors to malicious websites. The phishing attacks primarily target business and economy sectors, highlighting the need for … Read more

Wiz Launches Wiz Code Application Security Tool

September 11, 2024 at 12:04AM Wiz launched Wiz Code, a cloud app security product that identifies and resolves cloud risks in code before they become critical issues. It integrates with developer environments, highlighting security issues and providing fix suggestions. Wiz Code aims to enhance collaboration between security and development teams by aligning issues with their … Read more

New RAMBO Attack Allows Air-Gapped Data Theft via RAM Radio Signals

September 9, 2024 at 09:27AM An academic researcher has developed a new attack technique, named RAMBO, that uses radio signals from memory buses to exfiltrate data from air-gapped systems. The technique allows for the capture of encoded files, encryption keys, images, keystrokes, and biometric information at a rate of 1,000 bits per second from up … Read more

Cybersecurity regulation stepping up

September 9, 2024 at 05:09AM Join us on September 16, 2024, at 11:00 AM BST (12:00 PM CEST) for an exclusive webinar with Chris Dale, SANS Principal Instructor. Gain in-depth knowledge of NIS2, DORA, and Tiber-EU regulations, strategic insights into their impact on IT security, best practices for cyber resilience, and exclusive survey findings for … Read more

Progress LoadMaster vulnerable to 10/10 severity RCE flaw

September 9, 2024 at 02:57AM Progress Software has issued an emergency fix for a critical vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant products, allowing remote command execution. Progress Software has issued an emergency fix for a critical severity vulnerability affecting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor … Read more

In Other News: US Army Hacks Buildings, X Hiring Cybersecurity Staff, Bitcoin ATM Scams

September 6, 2024 at 09:18AM The SecurityWeek cybersecurity news roundup offers a valuable compilation of noteworthy cybersecurity stories that may not warrant full articles. This week’s stories include MITRE’s comparison of international PQC standards, US Army Special Forces hack, Transport for London cyberattack, CBIZ data breach, UK’s takedown of a banking anti-fraud website, OpenSSL and … Read more