Author: nlqip

Cloudflare: On February 1, Cloudflare announced it had detected a threat actor on its self-hosted Atlassian server on November 23. Although the primary point of compromise in this incident came through account credentials that Cloudflare failed to rotate after an Okta compromise, the company said the threat actor attempted to gain access to a non-production…

Read More

Feb 13, 2024NewsroomVulnerability / Email Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems…

Read More

Over 20 hospitals in Bucharest have reportedly been impacted by a ransomware attack after cybercriminals targeted an IT service provider. As a consequence medical staff have been forced to use pen-and-paper rather than computer systems. Romania’s National Cybersecurity Directorate (DNSC) said in a statement that the attackers encrypted hospital data using the Backmydata ransomware –…

Read More

As we seek to unlock the secrets of vulnerability management, this piece sheds light on cybersecurity threats like phishing, ransomware, malware, DDoS, and password theft. Let’s delve into the profound impact of cyberattacks on revenue, reputation, and business continuity, as we explore cutting-edge threat modeling methodologies such as STRIDE, CVSS, VAST, PASTA, and Attack Trees.…

Read More

One step behind The last decade has been challenging for the cyber industry. Attackers always seem to have the upper hand while defenders play catch up. It’s common to point to the ever-accelerating frequency and sophistication of attacks, siloed security that creates gaps, and a shortage of skilled cyber professionals as rationale for this lagging…

Read More

1panel-dev — 1panel 1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6. 2024-02-05 6.5 CVE-2024-24768security-advisories@github.comsecurity-advisories@github.comsecurity-advisories@github.com…

Read More

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I’ve been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I’m a fellow and lecturer at Harvard’s Kennedy School, a board member of EFF, and the Chief of Security Architecture…

Read More

A smart helmet for biking and skiing fans sounds like a good idea. If you’re on the slopes or trails, you want to protect your head and stay in touch with your group. Which is why Livall, a popular manufacturer of ski and bike helmets, has presumably developed a “smart” line of products with “walkie-talkie”…

Read More

Fortinet released security updates to address critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313). A cyber threat actor could exploit these vulnerabilities to take control of an affected system. Note: According to Fortinet, CVE-2024-21762 is potentially being exploited in the wild.  CISA encourages users and administrators to review the following advisories and apply necessary…

Read More

Today, CISA—on behalf of the collective group of industry and government partners that comprise the Joint Cyber Defense Collaborative (JCDC)—released JCDC’s 2024 Priorities. Similar to the 2023 JCDC Planning Agenda, JCDC’s 2024 Priorities will help focus the collective group on developing high-impact and collaborative solutions to the most pressing cybersecurity challenges. Resulting from the trusted…

Read More