“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-
Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools [email protected] (The Hacker News)
A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect. The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending…
-
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List [email protected] (The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw thatRead…
-
BeyondTrust SaaS instances breached in cyberattack
Post ContentRead More
-
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools [email protected] (The Hacker News)
Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively. “While typosquatting attacks areRead More
-
Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords [email protected] (The Hacker News)
Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware. The company said it’s issuing the advisory after “several customers” reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. “These systems have…
-
10 cybersecurity predictions for 2025
Post ContentRead More
-
Add gamification learning to your pen testing training playbook
Post ContentRead More
-
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits [email protected] (The Hacker News)
Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0. “A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to…
-
How bad is generative AI data leakage and how can you stop it?
Post ContentRead More
-
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 [email protected] (The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines. “Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls,Read More
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova