Month: May 2022

Vulnerabilities

Issued by: Security Week

The flaw, tracked as CVE-2022-30525, affects ATP, VPN and USG FLEX series firewalls. The vulnerability can be exploited by a remote, unauthenticated attacker for arbitrary code execution as the “nobody” user. The affected products are recommended for businesses and they provide VPN, SSL inspection, intrusion protection, web filtering and email security capabilities. The Shodan search…

Malware & Threats

Issued by: Security Week

Also referred to as APT35, Magic Hound, NewsBeef, Newscaster, Phosphorus, and TA453, the advanced persistent threat (APT) actor is known for the targeting of activists, government organizations, journalists, and various other entities. In November 2021, a joint advisory from government agencies in the US, UK, and Australia warned of Iranian state-sponsored attacks targeting critical infrastructure…

Malware & Threats

Issued by: CIO Security

If you’re concerned about the increased threat of cyberattacks by state-sponsored hackers and hacktivist groups in the current geopolitical atmosphere, you’re certainly justified. Criminal groups are emerging from the shadows and pledging their allegiance to Russia. They’re conducting reconnaissance attacks and coalescing into the roles they’ll play in the global cyberwar many see on the…

Vulnerabilities

Issued by: Security Week

Siemens has released 12 advisories covering 35 vulnerabilities. Based on CVSS scores, the most important advisory covers 11 flaws affecting the web server of SICAM P850 and P855 devices. One of these bugs is critical and it allows an unauthenticated attacker to execute arbitrary code or launch a denial-of-service (DoS) attack. The five high-severity vulnerabilities…

Network Security

Issued by: Security Week

YL Ventures, an active venture capital firm that focuses on early-stage cybersecurity startups, has closed a new $400 million fund and announced plans to ramp up investments in Israel’s security technology sector. The Tel Aviv-based firm, which counts red-hot companies like Axonius and Orca Security among its portfolio, said the closing of its fifth fund…

Vulnerabilities

Issued by: Security Week

Tracked as CVE-20220-29972, the security hole was identified in the third-party Open Database Connectivity (ODBC) data connector used in Integration Runtime (IR) in the affected Azure services to connect to Amazon Redshift. A remote attacker could have exploited the flaw to execute arbitrary commands across the IR infrastructure, impacting multiple tenants, the tech giant explains….

Malware & Threats

Issued by: Security Week

AGCO designs, makes, and distributes agricultural machinery and precision technology, offering equipment under brands such as Challenger, Fendt, Massey Ferguson, and Valtra. On Friday, the company announced that it fell victim to a ransomware attack that impacted some production facilities. AGCO says it has launched an investigation into the incident and estimates that it might…