CISA released twenty-five Industrial Control Systems (ICS) advisories on September 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-256-01 Siemens SINEMA Remote Connect Server ICSA-24-256-02 Siemens SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D ICSA-24-256-03 Siemens User Management Component (UMC) ICSA-24-256-04 Siemens SINUMERIK Systems ICSA-24-256-05 Siemens Mendix Runtime…
Read MoreAdobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: Security update available for Adobe Media Encoder | APSB24-53 Security…
Read MoreCRN breaks down six significant recent executive departures and hires at Google Cloud, including the exit of Google’s Kubernetes leader and the hiring of Microsoft’s former corporate vice president. From the departure of Google Cloud’s Kubernetes and serverless general manager to the hiring of Microsoft’s former corporate vice president, Google Cloud’s top executive lineup continues…
Read MoreThe outage Thursday morning had prevented some AT&T users from accessing Microsoft 365 and Azure services. AT&T said that “connections are operating normally” as of mid-morning Thursday, EDT, following reports that Microsoft 365 and Azure services were inaccessible for AT&T users earlier in the morning. Microsoft also confirmed that the issues that caused the outage…
Read MoreTransport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses. The urban transportation agency had informed the public on September 2 about an ongoing cybersecurity incident, assuring customers that at the time there was no evidence of data being compromised. Last Friday, TfL staff…
Read MoreGitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. The release is for versions 17.3.2, 17.2.5, and 17.1.7 for both GitLab Community Edition (CE) and Enterprise Edition (EE), and patches a total of 18 security issues as part of the bi-monthly…
Read More‘We’re investigating an issue where users may be unable to access multiple Microsoft 365 services,’ the tech giant said. Microsoft reported an outage that prevented some users from accessing Azure and Microsoft 365 services starting Thursday morning, EDT. The Microsoft 365 X account disclosed the outage at 8:38 a.m., EDT, on Thursday. “We’re investigating an…
Read MoreSep 12, 2024Ravie LakshmananMalware / IoT Security Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d (aka Void). “It is a backdoor that puts its components in the system storage area and, when commanded by…
Read MoreSep 12, 2024Ravie LakshmananCryptocurrency / Network Security Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. “Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions,” Cado Security researchers Tara Gould and Nate Bill said in an analysis published today.…
Read MoreSep 12, 2024Ravie LakshmananRegulatory Compliance / Data Protection The Irish Data Protection Commission (DPC) has announced that it has commenced a “Cross-Border statutory inquiry” into Google’s foundational artificial intelligence (AI) model to determine whether the tech giant has adhered to data protection regulations in the region when processing the personal data of European users. “The…
Read More