December 1, 2023 at 01:54AM Zyxel released patches for 15 security issues affecting NAS, firewall, and AP devices. This includes three critical vulnerabilities that could allow unauthenticated command execution. High-severity flaws enabling system information access and arbitrary command execution were also patched. Users are urged to update their devices to prevent exploitation. Meeting Takeaways: 1. … Read more
November 30, 2023 at 10:17AM Zyxel has patched critical security vulnerabilities in its NAS devices that risked unauthorized command execution and data compromise. Users of NAS326 and NAS542 models must update their firmware to versions V5.21(AAZF.15)C0 and V5.21(ABAG.12)C0 or later, respectively, as there are no alternative mitigations. **Takeaways from Meeting Notes:** 1. **Issue Identification:** Zyxel … Read more
November 28, 2023 at 05:08PM Researchers have discovered three unpatched vulnerabilities in Ray, an open source framework used for scaling AI and machine learning workloads. These vulnerabilities could allow attackers to gain operating system access, execute remote code, and escalate privileges. Anyscale, the company that sells a managed version of Ray, has not yet addressed … Read more
November 27, 2023 at 04:07PM General Electric (GE) and the Defense Advanced Research Projects Agency (DARPA) have been breached. Stolen data, including access credentials and military information, is being sold on the Dark Web. GE is aware of the claims and is investigating the issue. The breach raises concerns about cyberattacks on federal agencies and … Read more
November 27, 2023 at 08:30AM Passive network attackers can obtain private RSA host keys from a vulnerable SSH server by observing computational faults during connection establishment, according to a new study. These attackers can then intercept sensitive data and conduct adversary-in-the-middle attacks. The research highlights the importance of encrypting protocol handshakes, binding authentication to sessions, … Read more
November 27, 2023 at 07:48AM The UK National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) have issued a warning about state-sponsored hackers from North Korea targeting government, financial, and defense organizations through software supply chain attacks. The attackers exploited vulnerabilities to precisely target specific organizations. They used a watering hole attack and … Read more
November 23, 2023 at 10:48AM DevOps professionals face challenges in learning complex technologies and developing interpersonal skills. Networking in modern network architectures, writing software tests, mastering infrastructure as code, and understanding containerization and orchestration are some of the most difficult skills for DevOps practitioners. Additionally, soft skills like communication, empathy, and adaptability are crucial to … Read more
November 23, 2023 at 10:48AM Private 5G networks are at risk due to a vulnerability in the GPRS Tunneling Protocol User Plane (GTP-U). The lack of encryption and authentication mechanisms in this critical link allows attackers to breach private 5G networks through packet reflection. To mitigate this risk, organizations should implement robust security protocols, firewalls, … Read more
November 20, 2023 at 11:01AM Threat actors are using a remote access trojan called NetSupport RAT to target the education, government, and business services sectors. The trojan is delivered through fraudulent updates, drive-by downloads, malware loaders, and phishing campaigns. The cybersecurity firm VMware Carbon Black has detected 15 new infections related to NetSupport RAT in … Read more
November 20, 2023 at 06:03AM Thousands of K-12 public schools in the United States are vulnerable to ransomware attacks due to lax cybersecurity measures. In response, the Biden administration has been offering free cybersecurity services to school districts and urging more to take advantage of these programs. Ransomware attackers, often based in Russia, target schools … Read more