FTC secures first data broker settlement banning sale of sensitive location data

January 15, 2024 at 10:40AM The FTC secures a settlement with X-Mode Social, prohibiting the sale of sensitive location data. Outlogic is to delete previously collected data and honor opt-out requests under the FTC settlement. Critical vulnerabilities in Cisco, Siemens, Rapid Software, and Fortinet products. iOS espionage campaign exploited Apple’s ECC. HMG hit by data breach, unable to identify compromised …

Juniper Networks Patches Critical Remote Code Execution Flaw in Firewalls, Switches

January 15, 2024 at 06:12AM Juniper Networks has addressed more than 100 vulnerabilities, including the critical CVE-2024-21591 affecting Junos OS. The flaw could allow attackers to execute arbitrary code or cause a denial-of-service. Additionally, the company has patched high and medium severity flaws in third-party components. No known attacks exploiting these vulnerabilities have been reported. …

Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in

January 12, 2024 at 09:25PM Mandiant’s threat intel team identified two zero-day bugs in Ivanti products that were under attack by cyberspies as early as December. Ivanti has disclosed the vulnerabilities in their products and is working on rolling out patches while urging customers to immediately deploy mitigations. The situation is particularly concerning as the …

GitLab Releases Updates to Address Critical Vulnerabilities

January 12, 2024 at 05:43PM GitLab releases versions 16.7.2, 16.6.3, and 16.5.6 to address critical vulnerabilities. These include an authentication issue allowing unverified email password resets and a vulnerability enabling slash command abuse in Slack/Mattermost. Other vulnerabilities affect code approval, workspace creation, and signed commit metadata. GitLab urges upgrading and enabling two-factor authentication. Based on …

Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure

January 11, 2024 at 04:01AM A pair of zero-day flaws in Ivanti Connect Secure (ICS) and Policy Secure have been exploited by suspected China-linked nation-state actors to breach fewer than 10 customers. Cybersecurity firm Volexity identified the activity and attributed it to a hacking group it tracks under the name UTA0178. Patches are expected to …

Android’s January 2024 Security Update Patches 58 Vulnerabilities

January 10, 2024 at 07:09AM In January 2024, Google released Android security updates, addressing a total of 58 vulnerabilities across the platform and Pixel devices. It included high-severity issues in Framework and System components. The update also addressed vulnerabilities in third-party components. Additionally, Pixel devices received fixes for three medium-severity vulnerabilities. Users are advised to …

CISA Flags 6 Vulnerabilities – Apple, Apache, Adobe, D-Link, Joomla Under Attack

January 10, 2024 at 12:06AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six actively exploited security flaws to its catalog, including a high-severity vulnerability in Apache Superset. Details of the issue were first reported in April 2023. CISA recommends that federal agencies apply fixes for these bugs by January 29, 2024, to …

Microsoft Ships Urgent Fixes for Critical Flaws in Windows Kerberos, Hyper-V

January 9, 2024 at 02:00PM Microsoft issued urgent patches for critical, remote code execution vulnerabilities affecting Windows Kerberos and Hyper-V. The company’s latest “Patch Tuesday” aimed to address these significant security threats. …

Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines

January 9, 2024 at 09:06AM Researchers from Nozomi Networks have uncovered significant vulnerabilities in Bosch Rexroth nutrunners used in the automotive industry, potentially allowing hackers to gain control of these devices remotely. The vulnerabilities, including over two dozen security holes, pose serious threats to operational and reputational integrity. Bosch Rexroth plans to address the flaws …

QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products

January 8, 2024 at 09:54AM QNAP Systems has released patches for a dozen vulnerabilities, including high-severity flaws affecting its operating system and products like QTS, QuTS hero, Video Station, and QuMagie. These vulnerabilities could allow remote attackers to execute arbitrary code, perform SQL injection and OS command injection, and exploit cross-site scripting flaws. Details can …