Month: May 2024
May 23, 2024NewsroomThreat Intelligence / Vulnerability, The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control…
Read More
May 23, 2024NewsroomRansomware / Virtualization Ransomware attacks targeting VMware ESXi infrastructure following an established pattern regardless of the file-encrypting malware deployed. “Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse,” cybersecurity firm…
Read More
Security researchers reverse-engineered Apple’s recent iOS 17.5.1 update and found that a recent bug that restored images deleted months or even years ago was caused by an iOS bug and not an issue with iCloud. Despite widespread reports from users and tech outlets confirming the alarming issue, Apple remained silent about the root cause, failing to…
Read More
The United Kingdom’s Information Commissioner Office (ICO) intends to impose a fine of £750,000 ($954,000) on the Police Service of Northern Ireland (PSNI) for exposing the entire workforce’s personal details by mistakenly publishing a spreadsheet online. PSNI disclosed the incident on August 8, 2023, when the police force warned that a mistake occurred during a…
Read More
“So once the acquisition closes, our partners will have the opportunity to join Palo Alto Networks’ partner program, if they’re not already part of that, so they will be able to then sell Palo Alto’s Cortex XSIAM,” IBM’s Channel Chief Kate Woolley tells CRN. IBM and Palo Alto Networks are working together to make sure…
Read More
The company says the acquisition of Informer will help with automating the identification of exposed assets. Bugcrowd unveiled the acquisition of a decade-old provider of external attack surface management capabilities, Informer, in the latest in a series of acquisitions in the space. Terms of the acquisition weren’t disclosed. Informer has 15 employees, Bugcrowd told CRN.…
Read MoreCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…
Read MoreRockwell Automation has released guidance encouraging users to remove connectivity on all Industrial Control Systems (ICS) devices connected to the public-facing internet to reduce exposure to unauthorized or malicious cyber activity. Users and administrators are encouraged review the following Rockwell Automation notice for more information: Source link lol
Read More
May 23, 2024NewsroomCyber Espionage / Network Security The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and the Caribbean as part of an ongoing cyber espionage campaign. “The campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while…
Read MoreCISA released one Industrial Control Systems (ICS) advisory on May 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol
Read More