Cloud Security Alliance News Clipping Site

Tag: zero-day exploit

  • The Register: Palo Alto Networks tackles firewall-busting zero-days with critical patches

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/19/palo_alto_networks_patches/ Source: The Register Title: Palo Alto Networks tackles firewall-busting zero-days with critical patches Feedly Summary: Amazing that these two bugs got into a production appliance, say researchers Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week.… AI Summary and…

  • Schneier on Security: Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

    by

    system automation
    in

    Source URL: https://www.schneier.com/blog/archives/2024/11/most-of-2023s-top-exploited-vulnerabilities-were-zero-days.html Source: Schneier on Security Title: Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days Feedly Summary: Zero-day vulnerabilities are more commonly used, according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority…

  • The Register: Five Eyes infosec agencies list 2024’s most exploited software flaws

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/14/five_eyes_2024_top_vulnerabilities/ Source: The Register Title: Five Eyes infosec agencies list 2024’s most exploited software flaws Feedly Summary: Slack patching remains a problem – which is worrying as crooks increasingly target zero-day vulns The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15…

  • Alerts: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/10/30/fortinet-updates-guidance-and-indicators-compromise-following-fortimanager-vulnerability Source: Alerts Title: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation Feedly Summary: Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional workarounds and indicators of compromise (IOCs). A remote, unauthenticated cyber threat actor could exploit this vulnerability to gain access to sensitive…

  • Cloud Blog: Cloud CISO Perspectives: 10 ways to make cyber-physical systems more resilient

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-10-ways-to-make-cyber-physical-systems-more-resilient/ Source: Cloud Blog Title: Cloud CISO Perspectives: 10 ways to make cyber-physical systems more resilient Feedly Summary: Welcome to the second Cloud CISO Perspectives for October 2024. Today, Anton Chuvakin, senior security consultant for our Office of the CISO, offers 10 leading indicators to improve cyber-physical systems, guided by our analysis of…

  • The Register: Samsung phone users under attack, Google warns

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/24/samsung_phone_eop_attacks/ Source: The Register Title: Samsung phone users under attack, Google warns Feedly Summary: Don’t ignore this nasty zero day exploit says TAG A nasty bug in Samsung’s mobile chips is being exploited by miscreants as part of an exploit chain to escalate privileges and then remotely execute arbitrary code, according to Google…

  • Cloud Blog: Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575/ Source: Cloud Blog Title: Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575) Feedly Summary: Written by: Foti Castelan, Max Thauer, JP Glab, Gabby Roncone, Tufail Ahmed, Jared Wilson Summary In October 2024, Mandiant collaborated with Fortinet to investigate the mass exploitation of FortiManager appliances across 50+ potentially compromised FortiManager devices in various industries. The vulnerability,…

  • Hacker News: Safer with Google: Advancing Memory Safety

    by

    system automation
    in

    Source URL: https://security.googleblog.com/2024/10/safer-with-google-advancing-memory.html Source: Hacker News Title: Safer with Google: Advancing Memory Safety Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses Google’s strategic commitment to enhancing memory safety in software, revealing a two-pronged approach that includes increasing the adoption of memory-safe languages and improving the risk management of existing memory-unsafe languages.…

  • Google Online Security Blog: Safer with Google: Advancing Memory Safety

    by

    system automation
    in

    Source URL: http://security.googleblog.com/2024/10/safer-with-google-advancing-memory.html Source: Google Online Security Blog Title: Safer with Google: Advancing Memory Safety Feedly Summary: AI Summary and Description: Yes Summary: The content discusses Google’s strategic commitment to enhancing memory safety in software development. It highlights the significance of memory safety vulnerabilities, current trends, and Google’s two-pronged approach to integrating memory-safe languages while…

  • Cloud Blog: How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/time-to-exploit-trends-2023/ Source: Cloud Blog Title: How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends Feedly Summary: Written by: Casey Charrier, Robert Weiner Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild. Consistent with past analyses, the majority (97) of these vulnerabilities were…