CrowdStrike Releases Root Cause Analysis of Falcon Sensor BSOD Crash

August 6, 2024 at 02:06PM CrowdStrike released a root cause analysis explaining a software update crash that affected Windows systems globally. The mishap was attributed to security vulnerabilities and process gaps, resulting in a system crash. CrowdStrike outlined the technical issues and pledged to collaborate with Microsoft for more secure access to the Windows kernel. …

What Building Application Security Into Shadow IT Looks Like

June 24, 2024 at 03:02PM Application security programs are often challenging, with overloaded staff and communication issues. Despite these hurdles, a team successfully resolved 70,000 out of 80,000 security vulnerabilities in three months. Citizen developers are pervasive in enterprises, creating unique security challenges. A successful AppSec program for citizen developers requires automation, self-service, and adherence …

Rockwell’s ICS Directive Comes As Critical Infrastructure Risk Peaks

June 12, 2024 at 06:37PM With rising geopolitical tensions and cyber threats, Rockwell Automation advised customers to disconnect industrial control systems (ICS) from the internet to mitigate vulnerabilities. Cybersecurity experts warn of nation-state attacks targeting critical infrastructure, which face challenges due to online exposure and software vulnerabilities. Securing ICS assets and implementing offline measures are …

CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks

May 28, 2024 at 05:28PM A recent surge in the Mirai DDoS botnet variant CatDDoS has targeted organizations globally. Multiple gangs have exploited at least 80 vulnerabilities, affecting various technologies and products. The threat remains active and has compromised over 300 targets per day. DDoS attacks, primarily targeting individual computers and servers, continue to grow in …

GE Ultrasound Gear Riddled With Bugs, Open to Ransomware & Data Theft

May 16, 2024 at 03:40PM Researchers found 11 security flaws in GE’s Vivid Ultrasound products and related software, with severity ranging from 5.7 to 9.6 on the CVSS 3.1 scale. Nozomi Networks detailed potential risks, including remote code execution, but physical access is needed in some cases. GE has patches and mitigations available on its …

VMware fixes three zero-day bugs exploited at Pwn2Own 2024

May 14, 2024 at 10:48AM VMware addressed four security vulnerabilities, including three zero-days exploited in the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw, CVE-2024-22267, allows code execution as the virtual machine’s VMX process. Two other high-severity bugs (CVE-2024-22269 and CVE-2024-22270) enable information disclosure, and the fourth vulnerability (CVE-2024-22268) creates a denial of service …

AI red-teaming tools helped X-Force break into a major tech manufacturer ‘in 8 hours’

May 13, 2024 at 10:09AM IBM’s X-Force penetration-testing team employed AI-driven tools to hack into a major computer component manufacturer’s network within eight hours. Using automation, they exploited a flaw in the manufacturer’s HR portal, escalated privileges, and utilized a rootkit to avoid detection. The team is also helping other technology providers, banks, and defense …

Recent OT and Espionage Attacks Linked to Russia’s Sandworm, Now Named APT44

April 17, 2024 at 08:48AM Mandiant’s report details the recent activities of the Russian Sandworm group, now tracked as APT44, known for disruptive malware and cyber operations tied to conventional military activities. APT44 has been linked to several cyber incidents, hacktivist personas, supply chain attacks, and espionage activities, uncovering new connections and disruptive tactics. Summary: …

OpenAI’s GPT-4 can exploit real vulnerabilities by reading security advisories

April 17, 2024 at 06:16AM Four University of Illinois Urbana-Champaign computer scientists report that OpenAI’s GPT-4 can autonomously exploit real-world security vulnerabilities based on CVE advisories, outperforming other models and vulnerability scanners. They suggest future AI models will be even more capable. Limiting access to CVE information is not seen as a viable defense. The …