Security Tips
Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure
Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS).
The list of flaws is as follows:
CVE-2024-21894 (CVSS score: 8.2) - A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an
Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution
The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed.
The audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.0), came to light last week when Microsoft engineer and PostgreSQL developer Andres Freund
New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs
Cybersecurity researchers from ETH Zurich have developed a new variant of the RowHammer DRAM (dynamic random-access memory) attack that, for the first time, successfully works against AMD Zen 2 and Zen 3 systems despite mitigations such as Target Row Refresh (TRR).
"This result proves that AMD systems are equally vulnerable to Rowhammer as Intel systems, which greatly increases the attack
U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation
The U.S. Department of Justice (DoJ) on Monday unsealed indictments against seven Chinese nationals for their involvement in a hacking group that targeted U.S. and foreign critics, journalists, businesses, and political officials for about 14 years.
FTC investigating Reddit plan to sell user content for AI model training
The Federal Trade Commission (FTC) is probing Reddit’s decision to license its user-generated content to artificial intelligence companies which would in turn use it to train models, the social media platform said in a Friday securities filing.
Moldovan national sentenced in E-Root cybercrime marketplace case
A 31-year-old Moldovan national was sentenced to 42 months in U.S. federal prison for operating a series of websites used to sell access to compromised computers worldwide, the U.S. Department of Justice said on Thursday.
The water industry wants to write its own cybersecurity rules. Will Biden and Congress go for it?
When Iranian government operatives hacked into water utilities across the U.S. late last year, it was a chilling reminder of how vulnerable the water sector remains — and how tortuous the efforts to regulate its cybersecurity have been.
Threat-hunter says Iran is stepping up the sophistication of its cyberattacks
Iran is waging a sophisticated hacking campaign against its rivals across the Middle East and is improving its cyberattacks, according to Gil Messing, the chief of staff at Tel Aviv-based Check Point Software.
FBI and CISA warn of national security threat posed by Chinese drones
The FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned Wednesday that Chinese-made drones pose a “significant risk” to U.S. critical infrastructure and provided new guidance on how entities can better protect networks from their malicious use.
Recovery from cyberattack ‘on the horizon,’ Kansas Supreme Court chief justice says
The Kansas state court system is close to a full recovery from an October ransomware attack that forced officials to use paper records for weeks, state Supreme Court Chief Justice Marla Luckert said Wednesday.