A threat actor accessed ‘a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive,’ the security vendor says. Fortinet confirmed Thursday that it suffered a breach of its cloud storage environment that impacted customer data. The cybersecurity vendor characterized the incident as having minimal impact, however, saying the number…
Read More
Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company’s Microsoft Sharepoint server. Fortinet is one of the largest cybersecurity companies in the world, selling secure networking products like firewalls, routers, and VPN devices. The company also offers SIEM, network management, and EDR/XDR…
Read More
‘With our technology, AI can only access and analyze data if our customers have opted in,’ says Nicole Reineke, distinguished product manager of AI strategy at N-able. ‘If you haven’t opted in, we’re not touching it. This is our baseline for ensuring data privacy and customer trust.’ N-able has created four pillars of AI with…
Read More
Sep 12, 2024Ravie LakshmananDevSecOps / Vulnerability GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user. The issue, tracked as CVE-2024-6678, carries a CVSS score of 9.9 out of a maximum of 10.0 “An issue was discovered in…
Read More
Sep 12, 2024Ravie LakshmananMobile Security / Financial Fraud Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2024 with the goal of harvesting financial information and intercepting two-factor authentication (2FA) messages. Singapore-headquartered Group-IB, which discovered the threat in May 2024, said…
Read More
‘At every turn, we’re putting partners first because we cannot succeed without you,’ ServiceNow Channel Chief Erica Volini said. Major changes to who qualifies as an Elite partner, growing the percentage of partner-sourced net-new annual contract value for ServiceNow Now Assist artificial intelligence tools, and a leadership team that is all in on partners are…
Read More
Hackers have been leveraging publicly available exploit code for two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software. The two flaws exploited in attacks since August 30 are SQL injection vulnerabilities tracked as CVE-2024-6670 and CVE-2024-6671 that allow retrieving encrypted passwords without authentication. Despite the vendor addressing the security issues…
Read More
U.K.’s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city’s public transportation agency. “A teenager has been arrested in Walsall by the National Crime Agency, as part of the investigation into a cyber security incident affecting Transport for London (TfL),”…
Read MoreCisco released security updates to address vulnerabilities in Cisco ISO XR software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Source link lol
Read MoreCISA released twenty-five Industrial Control Systems (ICS) advisories on September 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-256-01 Siemens SINEMA Remote Connect Server ICSA-24-256-02 Siemens SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D ICSA-24-256-03 Siemens User Management Component (UMC) ICSA-24-256-04 Siemens SINUMERIK Systems ICSA-24-256-05 Siemens Mendix Runtime…
Read More