Feb 09, 2024NewsroomZero Day Vulnerability / Network Security Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands. “A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a…
Read MoreFeb 09, 2024NewsroomVulnerability / Zero Day Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication. The issue, tracked as CVE-2024-22024, is rated 8.3 out of 10 on the CVSS scoring system. “An XML external entity or XXE…
Read MoreA group of attackers have compromised accounts on the SendGrid email delivery platform and are using them to launch phishing attacks against other SendGrid customers. The campaign is likely an attempt to collect credentials for a mass email service with a good reputation that would help attackers bypass spam filters in other attacks. “The campaign…
Read MoreToday, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in securing open source software ecosystems, this framework lays out voluntary security maturity levels for package repositories. This publication supports Objective 1.2 of CISA’s…
Read MoreAs organisations seek to enhance security and user experience, passwordless authentication methods – such as biometrics, hardware tokens, etc. – will gradually replace traditional passwords. The shift towards passwordless authentication is driven by the need for stronger identity verification, reduced susceptibility to phishing, and improved user convenience. While challenges such as interoperability and privacy concerns…
Read MoreThe story so far. Round 1 The newspaper Aargauer Zeitung published an article claiming that three million IoT-connected toothbrushes had launched a distributed denial-of-service attack against a Swiss company, causing its website to be knocked over for four hours. Hundreds of other news outlets retold the story, assuming it was true. But, it wasn’t true.…
Read MoreTwo US insurance companies are warning that thousands of individuals’ personal information may have been stolen after hackers compromised computer systems. Washington National Insurance and Bankers Life, both subsidiaries of the CNO Financial Group, were targeted by SIM-swapping hackers in November 2023. As we’ve described before, SIM-swapping attacks involve fraudsters tricking customer support staff at…
Read MoreCisco released a security advisory to address vulnerabilities affecting Cisco Expressway Series. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Expressway Series advisory and apply the necessary updates. Source link ddde ddde ddde ddde ddde ddde ddde ddde…
Read MoreThe content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The question of whether you need antivirus (AV) for Windows devices is always up for debate. The advancements and new technology have made…
Read More