severity - Cloud Security Alliance News Clipping Site

Slashdot: China Wiretaps Americans in ‘Worst Hack in Our Nation’s History’

Nov 23, 2024

—

by

Source URL: https://yro.slashdot.org/story/24/11/22/2336254/china-wiretaps-americans-in-worst-hack-in-our-nations-history?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: China Wiretaps Americans in ‘Worst Hack in Our Nation’s History’ Feedly Summary: AI Summary and Description: Yes Summary: A significant breach of U.S. telecommunications infrastructure by a hacker group linked to the Chinese government, identified as Salt Typhoon, has been reported. This breach allowed unauthorized access to phone calls…

The Register: 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole

Nov 22, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/22/palo_alto_firewalls_under_exploit/ Source: The Register Title: 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole Feedly Summary: PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to…

The Register: SafePay ransomware gang claims Microlise attack that disrupted prison van tracking

Nov 22, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/22/safepay_microlise/ Source: The Register Title: SafePay ransomware gang claims Microlise attack that disrupted prison van tracking Feedly Summary: Fledgling band of crooks says it stole 1.2 TB of data The new SafePay ransomware gang has claimed responsibility for the attack on UK telematics biz Microlise, giving the company less than 24 hours to…

Slashdot: D-Link Tells Users To Trash Old VPN Routers Over Bug Too Dangerous To Identify

Nov 20, 2024

—

by

system automation

in Uncategorized

Source URL: https://it.slashdot.org/story/24/11/20/189224/d-link-tells-users-to-trash-old-vpn-routers-over-bug-too-dangerous-to-identify?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: D-Link Tells Users To Trash Old VPN Routers Over Bug Too Dangerous To Identify Feedly Summary: AI Summary and Description: Yes Summary: D-Link has advised users of older VPN routers to replace their devices due to a serious remote code execution vulnerability. This issue exemplifies the critical security risks…

The Register: Palo Alto Networks tackles firewall-busting zero-days with critical patches

Nov 19, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/19/palo_alto_networks_patches/ Source: The Register Title: Palo Alto Networks tackles firewall-busting zero-days with critical patches Feedly Summary: Amazing that these two bugs got into a production appliance, say researchers Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week.… AI Summary and…

The Register: Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble

Nov 18, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/ Source: The Register Title: Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble Feedly Summary: If you didn’t fix this a month ago, your to-do list probably needs a reshuffle Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in…

Hacker News: Drinking water systems for 26M Americans face high cybersecurity risks

Nov 17, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.scworld.com/news/drinking-water-systems-for-26m-americans-face-high-cybersecurity-risks Source: Hacker News Title: Drinking water systems for 26M Americans face high cybersecurity risks Feedly Summary: Comments AI Summary and Description: Yes Summary: The report by the EPA’s Office of Inspector General highlights alarming cybersecurity vulnerabilities in U.S. drinking water systems, affecting around 26.6 million Americans. The lack of an incident reporting…

Hacker News: A new vulnerability on IPv6 parsing in linux

Nov 16, 2024

—

by

system automation

in Uncategorized

Source URL: https://nvd.nist.gov/vuln/detail/CVE-2024-50252 Source: Hacker News Title: A new vulnerability on IPv6 parsing in linux Feedly Summary: Comments AI Summary and Description: Yes Summary: The text details a recently resolved memory leak vulnerability (CVE-2024-50252) in the Linux kernel associated with the `mlxsw` driver when handling remote IPv6 addresses. This vulnerability presents significant implications for IT…

The Register: Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit

Nov 15, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/15/palo_alto_networks_firewall_zeroday/ Source: The Register Title: Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit Feedly Summary: Yank access to management interface, stat A critical zero-day vulnerability in Palo Alto Networks’ firewall management interface that can allow an unauthenticated attacker to remotely execute code is now officially under active exploitation.… AI Summary and…

The Register: Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost

Nov 14, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/14/fortinet_vpn_authentication_bypass_bug/ Source: The Register Title: Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost Feedly Summary: Plus a bonus hard-coded local API key A now-patched, high-severity bug in Fortinet’s FortiClient VPN application potentially allows a low-privilege rogue user or malware on a vulnerable Windows system to gain higher…

Tag: severity