Month: October 2024
Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication to address vulnerabilities in Cisco ASA, FMC, and FTD. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisory and apply the…
Read More
ESET researchers have discovered new Rust-based tooling leading to the deployment of Embargo ransomware. Embargo is a relatively new player in the ransomware scene, first observed by ESET in June 2024. The new toolkit consists of a loader and an EDR killer, named MDeployer and MS4Killer respectively by ESET. MS4Killer is particularly noteworthy as it…
Read MoreCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing…
Read More
‘With Amit [Zavery], we found the dream innovator to captivate the market with a compelling vision for ServiceNow as the AI platform for business transformation,’ says ServiceNow CEO Bill McDermott about hiring its new president, chief product officer and chief operating officer. Google Cloud’s former general manager of cloud operations and business platform, Amit Zavery,…
Read More
A new Rust-based version of the Qilin (Agenda) ransomware strain, dubbed ‘Qilin.B,’ has been spotted in attacks, featuring stronger encryption, better evasion from security tools, and the ability to disrupt data recovery mechanisms. Qilin.B was spotted by security researchers at Halcyon, who warned about the threat and shared indicators of compromise to help with early…
Read MoreCISA released four Industrial Control Systems (ICS) advisories on October 24, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol
Read More
Iterate.ai’s Generate application is part of a new SMB App Pack that Intel is bundling with AI PCs for channel partners to sell, and it has partnered with TD Synnex to handle distribution for the application, which the company says is only the beginning of its channel ambitions. An Intel ISV partner said it’s going…
Read More
A new Fortinet FortiManager flaw dubbed “FortiJump” and tracked as CVE-2024-47575 has been exploited since June 2024 in zero-day attacks on over 50 servers, according to a new report by Mandiant. For the past ten days, rumors of an actively exploited FortiManager zero-day have been circulating online after Fortinet privately notified customers in an advanced…
Read MoreToday, CISA—along with U.S. and international partners—released joint guidance, Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers. This guide aids software manufacturers in establishing secure software deployment processes to help ensure software is reliable and safe for customers. Additionally, it offers guidance on how to deploy in an efficient manner as part of…
Read More
Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that could have resulted in an account takeover under specific circumstances. “The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover,” Aqua…
Read More