The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. The flaw, discovered by Rhino Security Labs and tracked as CVE-2024-1212, was addressed via an update released on February 21, 2024. However, this is the first…
Read More
After Nutanix CEO Rajiv Ramaswami was “approached” about a role with a competitor, the Nutanix board responded with an “off-cycle” stock award worth nearly $50 million, citing “immediate retention concerns,” according to a recent filing with the SEC. Nutanix President and CEO – and a former VMware C-level executive – Rajiv Ramaswami won a massive…
Read More
Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. “Apple is aware of a report that this issue may have been exploited,” the company said in an advisory issued on Tuesday. The two bugs were found in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components…
Read More
D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices. The flaw was discovered and reported to D-Link by security researcher ‘delsploit,’ but technical details have been withheld from the public to avoid triggering mass exploitation attempts in…
Read More
Microsoft announced today that hotpatching of security updates is now also available in preview on Windows 365 and Windows 11 Enterprise 24H2 client devices. Windows Hotpatch has been available for Windows Server 2022 Datacenter: Azure Edition since February 2022, initially generally available for Windows Server Azure Edition core virtual machines, and in public preview for…
Read More
The new ‘Helldown’ ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. French cybersecurity firm Sekoia is reporting this with medium confidence based on recent observations of Helldown attacks. Although not among the major players in the ransomware space, Helldown has quickly…
Read More
What if the biggest threat to your privacy wasn’t some hacker in a hoodie—but a spy trained to infiltrate your life? Former FBI operative Eric O’Neill, the man who took down spy Robert Hanssen, explains how digital spies target us, offering along the way real-world tips to protect ourselves in a world where everyone’s a…
Read MoreCISA released one Industrial Control Systems (ICS) advisory on November 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol
Read More
The Ngioweb botnet, which supplies most of the 35,000 bots in the cybercriminal NSOCKS proxy service, is being disrupted as security companies block traffic to and from the two networks. Following an investigation of more than one year, researchers identified the complete architecture and traffic of the Ngioweb botnet proxy server, which was first observed in…
Read More
Windows 365 Link, Security Exposure Management and a new post-CrowdStrike faulty update initiative are among the big announcements. Microsoft’s Windows 365 Link devices. Security Exposure Management becoming generally available. And a new initiative to make improvements following the faulty CrowdStrike update in July. These are among the biggest news in devices and security coming out…
Read More