MongoDB confirms customer data was exposed in a cyberattack

December 16, 2023 at 05:41PM
MongoDB experienced a cyberattack that breached its corporate systems and exposed customer data. The attack was detected by the company, and an investigation is ongoing. Although customer account metadata and contact information were compromised, data stored in MongoDB Atlas remains secure. The company urges customers to take security measures and …

Google Cloud’s ‘Dataproc’ Abuse Risk Endangers Corporate Data Stores

December 12, 2023 at 02:44PM
Security vulnerabilities in Google Cloud’s “Dataproc” service could allow hackers to access sensitive data and execute unauthorized operations due to default open firewall ports without authentication. Despite researchers’ efforts, Google has not addressed the issue. They recommend proper network segmentation and vulnerability management to mitigate the risk until a fix …

Sophos backports RCE fix after attacks on unsupported firewalls

December 12, 2023 at 12:36PM
Sophos issued a backported security update for CVE-2022-3236 for end-of-life firewall firmware versions due to active exploitation by hackers. The flaw allows remote code execution in the User Portal and Webadmin. Despite automatic updates, over 4,000 devices remained vulnerable. Sophos advised updating to specific versions or using workarounds to mitigate …

Over 1,450 pfSense servers exposed to RCE attacks via bug chain

December 12, 2023 at 09:57AM
Around 1,450 pfSense instances online are vulnerable to command injection and cross-site scripting flaws, potentially allowing remote code execution. SonarCloud’s researchers discovered these flaws in mid-November, affecting older versions of pfSense. Netgate released security updates in November, but as of now, the majority of instances remain vulnerable, posing a significant …

After Critical Bug Disclosures, TETRA Emergency Comms Code Goes Public

November 15, 2023 at 11:11AM
The encryption algorithms used to secure emergency radio communications will be released to the public domain, after vulnerabilities were found in TETRA. The decision to go public is a complete turn from ETSI, which initially denied vulnerabilities. The algorithms will be open to academic research for independent reviews. No date …

Microsoft pins hopes on AI once again – this time to patch up Swiss cheese security

November 3, 2023 at 12:11PM
Microsoft is launching a new initiative called the Secure Future Initiative (SFI) to enhance the security of its software and cloud services. The SFI focuses on three key pillars, including the increased use of AI in security operations and products, an update of software engineering practices leveraging AI, and ensuring …

RCE exploit for Wyze Cam v3 publicly released, patch now

October 30, 2023 at 05:56PM
A security researcher has published a proof-of-concept exploit for Wyze Cam v3 devices, allowing attackers to take control of vulnerable cameras. The exploit takes advantage of two flaws in the firmware, enabling remote code execution and the ability to overwrite stack memory. Wyze has released a firmware update to address …

Valve’s 2FA Mandate for Game Developers Shows SMS Stickiness

October 23, 2023 at 04:25PM
Game maker Valve announced that it will require developers on its Steam platform to provide their phone numbers for SMS-based two-factor authentication (2FA) starting October 24. However, SMS-based 2FA is not entirely secure, as attackers can bypass it through various methods. Despite its flaws, SMS-based 2FA is still used by …

Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover

October 20, 2023 at 04:34PM
Eight critical vulnerabilities have been discovered in SolarWinds’ Access Rights Manager Tool, exposing unpatched systems to potential privilege escalation by attackers. The vulnerabilities range from allowing remote code execution to performing local privilege escalation. A new ARM version, 2023.2.1, has been released to fix the vulnerabilities, and SolarWinds clients are …

Steam enforces SMS verification to curb malware-ridden updates

October 15, 2023 at 01:53PM
Valve is implementing additional security measures on Steam to address the recent outbreak of malware being pushed from compromised publisher accounts. Starting October 24, game developers will be required to pass an SMS-based security check before pushing updates, and the same requirement will be enforced for adding new users to …