Tag: advisory
-
Three New ICS Advisories Released by CISA Detailing Vulnerabilities Mitigations
The Cybersecurity and Infrastructure Security Agency (CISA) announced three new Industrial Control Systems (ICS) advisories. These advisories provide critical insights into vulnerabilities impacting Traffic Alert and Collision Avoidance Systems (TCAS) II, Siemens SIMATIC S7-1200 CPUs, and ZF Roll Stability Support Plus (RSSPlus). Each advisory includes detailed technical descriptions of the vulnerabilities, associated CVEs, and recommended…
-
Trump Fires Cyber Safety Board Investigating Salt Typhoon Hackers
In a letter sent today, the acting DHS secretary terminated membership to all advisory boards, including the Cyber Safety Review Board (CSRB) tasked with investigating state-sponsored cyber threats against the US. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/trump-fires-cyber-safety-board-salt-typhoon-hackers
-
Critical Mozilla Vulnerabilities Prompt Urgent Updates for Firefox and Thunderbird Users
Mozilla Firefox and Thunderbird users are facing a series of high-severity vulnerabilities that could leave systems open to exploitation. The Indian Computer Emergency Response Team (CERT-In) issued an advisory on January 20, 2025, highlighting multiple security flaws in Mozilla’s popular browser and email client. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cert-in-reports-mozilla-vulnerabilities/
-
7 top cybersecurity projects for 2025
Tags: access, advisory, ai, backup, best-practice, breach, business, cio, ciso, cloud, compliance, control, cyber, cybersecurity, data, data-breach, detection, encryption, framework, google, governance, infrastructure, intelligence, law, mitigation, monitoring, network, resilience, risk, risk-management, service, strategy, technology, threat, tool, vulnerabilityAs 2025 dawns, CISOs face the grim reality that the battle against cyberattackers never ends. Strong and carefully planned cybersecurity projects are the best way to stay a step ahead of attackers and prevent them gaining the upper hand.”Urgency is the mantra for 2025,” says Greg Sullivan, founding partner of cybersecurity services firm CIOSO Global.…
-
Yubico Warns of 2FA Security Flaw in pam-u2f for Linux and macOS Users
Tags: 2fa, advisory, authentication, cve, fido, flaw, linux, macOS, mfa, open-source, risk, software, threat, vulnerabilityYubico has released a security advisory, YSA-2025-01, which highlighted a vulnerability within the software module that supports two-factor authentication (2FA) for Linux and macOS platforms. This issue, tracked as CVE-2025-23013, allows for a partial 2FA bypass protections when using YubiKeys or other FIDO-compatible authenticators. The vulnerability poses a high-risk security threat and could potentially compromise…
-
Multiple HPE Aruba Network Vulnerabilities Allows Remote Arbitrary Code Execution
Hewlett Packard Enterprise (HPE) has confirmed multiple vulnerabilities in its Aruba Networking products that could allow remote arbitrary code execution. These vulnerabilities, CVE-2025-23051 and CVE-2025-23052, affect various versions of the AOS-8 and AOS-10 Operating Systems, specifically impacting Mobility Conductors, Controllers, and managed WLAN and SD-WAN Gateways. This advisory comes amid growing concerns within the cybersecurity…
-
Fortinet confirms zero-day flaw used in attacks against its firewalls
Fortinet has confirmed the existence of a critical authentication bypass vulnerability in specific versions of FortiOS firewalls and FortiProxy secure web gateways. The flaw has been exploited in the wild since early December in what appears to be an indiscriminate and widespread campaign, according to cybersecurity firm Arctic Wolf.The fix for this zero-day is part…
-
CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild
Fortinet patched a zero day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024. Background On January 14, Fortinet released a security advisory (FG-IR-24-535) addressing a critical severity vulnerability impacting FortiOS and FortiProxy. CVE Description CVSSv3 CVE-2024-55591 FortiOS and FortiProxy Authentication Bypass Vulnerability…
-
Beware cybersecurity tech that’s past its prime, 5 areas to check or retire
Tags: access, advisory, ai, antivirus, attack, authentication, breach, bug-bounty, ciso, cloud, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, endpoint, firewall, Hardware, network, password, penetration-testing, risk, router, siem, software, strategy, switch, threat, tool, vpn, vulnerability, waf, zero-trustCybersecurity leaders can choose from an ever-expanding list of digital tools to help them ward off attacks and, based on market projections, they’re implementing plenty of those options.Gartner predicts a 15% increase in cybersecurity spending for 2025, with global expenditures expected to reach $212 billion in the upcoming year. The research and consulting firm says…
-
Critical Infrastructure Urged to Scrutinize Product Security During Procurement
A joint government advisory has set out steps critical infrastructure firms should take to ensure any OT products they purchase are secure by design First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/critical-infrastructure-product/
-
Sicherheitsmängel gefährden DNA-Sequenziergeräte
srcset=”https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?quality=50&strip=all 5283w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=768%2C432&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1024%2C576&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1536%2C864&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=2048%2C1152&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”576″ sizes=”(max-width: 1024px) 100vw, 1024px”>Security-Forscher haben festgestellt, dass bei einem DNA-Sequenziergerät wichtige Sicherheitsfunktionen fehlen. angellodeco Shutterstock.comDas DNA-Sequenziergerät iSeq 100 von Illumina wird von medizinischen Laboren auf der ganzen Welt für eine Vielzahl…
-
Ivanti Urges Patch for Flaws in Connect Secure, Policy Secure and ZTA Gateways
Ivanti has issued a critical security advisory addressing two vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateway products. First seen on hackread.com Jump to article: hackread.com/ivanti-patch-flaws-connect-secure-policy-secure-zta-gateways/
-
Ivanti zero-day exploited by APT group that previously targeted Connect Secure appliances
Researchers from Google’s Mandiant division believe the critical remote code execution vulnerability patched on Wednesday by software vendor Ivanti has been exploited since mid-December by a Chinese cyberespionage group. This is the same group that has exploited zero-day vulnerabilities in Ivanti Connect Secure appliances back in January 2024 and throughout the year.The latest attacks, exploiting…
-
Ivanti 0-Day Vulnerability Exploited in Wild-Patch Now
Ivanti released a critical security advisory addressing vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateways products. This advisory reveals the existence of two significant vulnerabilities, CVE-2025-0282 and CVE-2025-0283, which have been exploited in the wild, necessitating immediate action from users. Critical Vulnerability: CVE-2025-0282 CVE-2025-0282 is a stack-based buffer overflow vulnerability that affects Ivanti…
-
Ivanti warns critical RCE flaw in Connect Secure exploited as zero-day
Tags: advisory, apt, attack, authentication, cve, cvss, cybersecurity, data-breach, exploit, flaw, google, government, group, intelligence, Internet, ivanti, law, mandiant, microsoft, network, rce, remote-code-execution, risk, software, threat, tool, vpn, vulnerability, zero-dayIT software provider Ivanti released patches Wednesday for its Connect Secure SSL VPN appliances to address two memory corruption vulnerabilities, one of which has already been exploited in the wild as a zero-day to compromise devices.The exploited vulnerability, tracked as CVE-2025-0282, is a stack-based buffer overflow rated as critical with a CVSS score of 9.0.…
-
DNA sequencer vulnerabilities signal firmware issues across medical device industry
Tags: access, advisory, attack, best-practice, computer, computing, control, credentials, data, exploit, firmware, flaw, Hardware, iot, leak, malicious, malware, mitigation, privacy, rce, remote-code-execution, risk, side-channel, software, supply-chain, update, vulnerability, windowsIn highlighting vulnerabilities in a widely used DNA gene sequencing device, security researchers have brought further attention to the likely poor state of security in the medical device industry, where hardware and firmware development is often outsourced to external equipment manufacturers under questionable support contracts.The device, Illumina’s iSeq 100 compact DNA sequencer, is used by…
-
CVE-2025-0282: Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild
Tags: access, advisory, attack, authentication, cve, exploit, flaw, group, injection, ivanti, malware, ransomware, remote-code-execution, threat, tool, update, vulnerability, zero-day, zero-trustIvanti disclosed two vulnerabilities in its Connect Secure, Policy Secure and Neurons for ZTA gateway devices, including one flaw that was exploited in the wild as a zero-day. Background On January 8, Ivanti published a security advisory for two vulnerabilities affecting multiple products including Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for Zero…
-
Ivanti warns hackers are exploiting new vulnerability
The company released an advisory and a corresponding blog about two bugs, CVE-2025-0282 and CVE-2025-0283, and warned that some customers have already seen CVE-2025-0282 exploited in their environments.]]> First seen on therecord.media Jump to article: therecord.media/ivanti-warns-of-hackers-exploiting-new-vulnerability
-
12 cybersecurity resolutions for 2025
Tags: advisory, ai, api, attack, awareness, breach, business, ceo, chatgpt, china, ciso, communications, control, crowdstrike, cyber, cyberattack, cybersecurity, data, data-breach, deep-fake, defense, detection, email, identity, insurance, jobs, law, malicious, phishing, ransomware, risk, risk-assessment, risk-management, strategy, supply-chain, technology, threat, tool, training, vulnerabilityAs cyber threats continue to evolve, CISOs must prepare for an increasingly complex threat landscape. From dealing with AI-driven attacks to managing changing regulatory requirements, it’s clear that 2025 will be another big year for CISOs.But staying ahead requires more than just implementing the next cutting-edge set of tools or technologies. It demands a shift…
-
US government sanctions Chinese cybersecurity company linked to APT group
The US Department of Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against a Beijing cybersecurity company for its role in attacks attributed to a Chinese cyberespionage group known as Flax Typhoon.The company, called Integrity Technology Group (Integrity Tech), is accused of providing the computer infrastructure that Flax Typhoon used in its operations…
-
ASUS Critical Vulnerabilities Let Attackers Execute Arbitrary Commands
In a recent security advisory, ASUS has alerted users to critical vulnerabilities affecting several of its router models. These flaws, tracked as CVE-2024-12912 and CVE-2024-13062, pose severe risks by allowing attackers to execute arbitrary commands on compromised devices. ASUS has advised users to act immediately by updating their routers to stay protected. About the Vulnerabilities The two vulnerabilities…
-
US Treasury Department workstations breached in attack attributed to China
Tags: access, advisory, apt, attack, banking, ceo, china, cloud, cybersecurity, government, hacking, infrastructure, intelligence, microsoft, russia, saas, service, supply-chain, threat, update, vulnerabilityThe US Department of the Treasury revealed on Monday that an attacker was able to bypass security, access an undisclosed number of Treasury workstations, and steal “certain unclassified documents,” in what it called a “major cybersecurity incident”.In a letter to the US Senate’s Committee on Banking, Housing and Urban Affairs, the Treasury Department said that…
-
Blown the cybersecurity budget? Here are 7 ways cyber pros can save money
Tags: access, advisory, ai, automation, business, cio, ciso, cloud, control, cyber, cybersecurity, finance, governance, group, guide, infrastructure, intelligence, international, jobs, office, risk, service, skills, software, strategy, technology, threat, tool, training, vulnerability, vulnerability-managementIt’s hard to find a CISO or cybersecurity leader who has the money they need to pay for all the work they want to do.A majority of CISOs (57%) said they expect to see an increase in their cybersecurity budgets over the next one to two years, according to Deloitte’s Global Future of Cyber Report,…
-
Best of 2024: CVE-2024-38063: An In-Depth Look at the Critical Remote Code Execution Vulnerability
In a recent security advisory, Microsoft disclosed a high-severity vulnerability identified as CVE-2024-38063. This critical Remote Code Execution (RCE) flaw, rated with a CVSS score of 9.8, poses a significant… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/cve-2024-38063-an-in-depth-look-at-the-critical-remote-code-execution-vulnerability-2/
-
How are you securing your communications in the wake of the Volt Typhoon revelations?
Tags: access, advisory, android, apple, apt, attack, authentication, business, china, cisa, cisco, cloud, communications, computer, control, cyber, cybersecurity, detection, email, endpoint, espionage, exploit, firewall, firmware, government, group, Hardware, infrastructure, Internet, Intruder, microsoft, network, phishing, ransomware, risk, service, software, technology, threat, tool, update, vpn, vulnerability, windows, zero-dayThe FBI recently released information that text messages between Apple and Android texting systems were insecure and that attackers could listen in and access those communications, more fallout from the revelation that a Chinese-affiliated threat actor had breached telecommunications companies.The announcement that the group known as Salt Typhoon had compromised networks of major global telecommunications…
-
Hackers Exploiting PLC Controllers In US Water Management System To Gain Remote Access
A joint Cybersecurity Advisory (CSA) warns of ongoing exploitation attempts by Iranian Islamic Revolutionary Guard Corps (IRGC)-affiliated cyber actors using the online persona >>CyberAv3ngers.