June 4, 2024 at 10:14AM An API authorization-bypass flaw in Cox Communications’ infrastructure exposed millions of business customer devices to attacks. Independent bug researcher Sam Curry identified and reported the issue, leading to a prompt fix by the provider. Potential risks included unauthorized access to customer information, Wi-Fi passwords, and connected devices. The vulnerability highlighted … Read more
January 10, 2024 at 01:59PM Ivanti has disclosed two zero-day vulnerabilities in its Connect Secure (ICS) and Policy Secure products. The CVE-2023-46805 flaw bypasses authentication, while CVE-2024-21887 allows arbitrary command execution. Chaining the two enables attackers to run commands without authentication. Ivanti is working on patches, with mitigation available until then. The company reports limited … Read more
December 20, 2023 at 07:51AM Comcast’s Xfinity recently disclosed a data breach affecting approximately 36 million individuals to US authorities. Hackers accessed customer data, including personal details and hashed passwords. The breach possibly impacts all Xfinity customers and employees. The attack exploited a Citrix Netscaler ADC and Gateway vulnerability named CitrixBleed, despite Xfinity’s prompt patch … Read more
December 1, 2023 at 02:22PM Japan’s space agency, JAXA, suffered a cyberattack this past summer through a Microsoft Active Directory breach, potentially exposing sensitive data. Nation-state hackers are suspected given past incidents involving Chinese military hackers. JAXA is investigating the breach’s scope and has partially shut down its network. **Takeaways from Meeting Notes:** 1. Incident … Read more