Uncategorized

Uncategorized post – later to be categorized.

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation The Hacker [email protected] (The Hacker News)
December 20, 2024

Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of …


Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools The Hacker [email protected] (The Hacker News)
December 19, 2024

A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and …


CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List The Hacker [email protected] (The Hacker News)
December 19, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited …


Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm Krebs on SecurityBrianKrebs
December 19, 2024

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The …


Thousands Download Malicious npm Libraries Impersonating Legitimate Tools The Hacker [email protected] (The Hacker News)
December 19, 2024

Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, …


Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords The Hacker [email protected] (The Hacker News)
December 19, 2024

Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said …


Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits The Hacker [email protected] (The Hacker News)
December 19, 2024

Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a …


CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 The Hacker [email protected] (The Hacker News)
December 19, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business …


Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency The Hacker [email protected] (The Hacker News)
December 19, 2024

The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers enough information about how it used their data …


UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App The Hacker [email protected] (The Hacker News)
December 19, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country …