Palo Alto Patches Firewall Zero-Day Exploited in Operation Lunar Peek

November 19, 2024 at 04:40AM

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

November 19, 2024 at 02:57AM T-Mobile has confirmed it was targeted by Chinese threat actors, known as Salt Typhoon, during a prolonged cyber espionage campaign. Although no significant impact on T-Mobile’s data has been reported, the situation highlights broader vulnerabilities in U.S. telecoms, including potential theft of sensitive communications. Investigations continue.

CISA Alert: Active Exploitation of VMware vCenter and Kemp LoadMaster Flaws

November 19, 2024 at 02:03AM Recently patched vulnerabilities in Progress Kemp LoadMaster and VMware vCenter Server are being actively exploited. CISA added CVE-2024-1212, a critical flaw, to its Known Exploited Vulnerabilities catalog. Other vulnerabilities in VMware include CVE-2024-38812 and CVE-2024-38813, with remediation recommended by December 9, 2024, for federal agencies.

T-Mobile US ‘monitoring’ China’s ‘industry-wide attack’ amid fresh security breach fears

November 18, 2024 at 03:48PM T-Mobile US is monitoring an industry-wide cyber-espionage campaign believed to be conducted by Chinese government-backed hackers. Though the company has not confirmed being compromised, it stated there were no significant impacts or evidence of data theft. The FBI recently reported similar breaches across multiple telecoms.

VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw

November 18, 2024 at 01:31PM VMware’s critical CVE-2024-38812 vulnerability in vCenter Server has been exploited in the wild, prompting urgent updates from the company. Initially reported at a Chinese hacking contest, the flaw allows remote code execution. Past patches failed to fully resolve the issue, emphasizing the need for customers to apply fixes urgently. Here …

Palo Alto Networks Releases IoCs for New Firewall Zero-Day

November 18, 2024 at 08:19AM

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

November 18, 2024 at 06:03AM IT leaders are urged to conduct more frequent network penetration testing to stay ahead of hackers, as compliance-focused approaches are insufficient. Automated testing solutions like vPenTest can reduce costs by over 60%, allowing companies to perform assessments quickly, maintain security year-round, and meet regulatory and insurance requirements efficiently.

T-Mobile confirms it was hacked in recent wave of telecom breaches

November 16, 2024 at 12:53PM T-Mobile confirmed it was hacked amid a series of telecom breaches by Chinese state-sponsored group Salt Typhoon, targeting private communications and call records. Although T-Mobile stated that its systems were not significantly impacted, the U.S. government noted that customer data was stolen across multiple telecommunications companies. This marks T-Mobile’s ninth …

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

November 16, 2024 at 03:48AM Palo Alto Networks has identified a critical zero-day vulnerability in its PAN-OS firewall, allowing unauthenticated remote command execution. Exploited in the wild, this flaw has a CVSS score of 9.3 and could enable persistent access via a web shell. Immediate action is advised until patches are available.

Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit

November 15, 2024 at 04:19PM Palo Alto Networks’ firewall management interface has a critical zero-day vulnerability, allowing remote code execution by unauthenticated attackers. With a CVSS rating of 9.3, it currently lacks a patch. Users are advised to restrict access to the interface. Other vulnerabilities have been identified, with fixes available.