June 10, 2024 at 05:33PM The cyberattack threat landscape for organizations encompasses various IT, IoT, and operational technology devices, offering opportunities for bad actors. Forescout Research highlights key findings, including IT devices accounting for most vulnerabilities, a surge in IoT vulnerabilities, and the top three riskiest verticals being technology, education, and manufacturing. A holistic approach … Read more
May 21, 2024 at 12:45PM QNAP Systems issued patches for multiple vulnerabilities, including CVE-2024-27130, described as an unsafe use of the ‘strcpy’ function in the No_Support_ACL function, leading to a stack buffer overflow and potential remote code execution. QNAP advised users to update to QTS 5.1.7 to mitigate the risk and address multiple other vulnerabilities. … Read more
January 16, 2024 at 11:51AM Two unauthenticated denial-of-service (DoS) vulnerabilities, CVE-2022-22274 and CVE-2023-0656, threaten the security of SonicWall next-generation firewall devices. Attackers can exploit these flaws to crash devices or execute remote code. Vulnerable SonicWall series 6 and 7 firewalls are at risk. Administrators are urged to update to the latest firmware to mitigate potential … Read more
November 23, 2023 at 03:29AM Akamai has discovered two zero-day vulnerabilities that are being exploited to distribute the Mirai malware and create botnets for DDoS attacks. The vulnerabilities target routers and network video recorders from two vendors, and the devices’ default passwords are being used. Akamai’s Security Intelligence Response Team has not disclosed the affected … Read more
November 22, 2023 at 05:39PM Researchers have discovered vulnerabilities in Windows Hello’s fingerprint authentication system that allow hackers to bypass the security and login as someone else. The team found flaws in the communication between the software and hardware components of laptops using fingerprint sensors from Goodix, Synaptics, and ELAN. The vulnerabilities vary across different … Read more
November 17, 2023 at 06:29PM Ransomware gangs are targeting vulnerable Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files. The threat actors exploit the Citrix Bleed vulnerability (CVE-2023-4966). Many recent victims, including Toyota Financial Services, ICBC, DP World, Allen & Overy, and Boeing, were found to have … Read more
November 13, 2023 at 12:29PM CISA has warned federal agencies to secure Juniper devices on their networks by Friday due to four vulnerabilities that are being actively exploited. Juniper has acknowledged successful exploitation of these vulnerabilities and has urged customers to upgrade immediately. Over 10,000 Juniper devices with vulnerable interfaces have been exposed online. CISA … Read more
October 16, 2023 at 08:35PM Connected medical devices are vulnerable to cyber attacks, endangering patient data and operations. Palo Alto Networks found that 75% of infusion pumps had at least one security flaw. Hospitals can enhance defenses by maintaining visibility of assets, identifying device exposures, implementing a zero trust approach, using virtual patching for legacy … Read more