Month: October 2023

Vulnerabilities

Issued by: Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog, including a high-severity flaw (CVE-2023-21608) (CVSS score: 7.8) in Adobe Acrobat Reader. The flaw is a use-after-free issue, an attacker can trigger the flaw to achieve remote code execution (RCE) with the privileges of the current user….

Vulnerabilities

Issued by: SecurityWeek

A note from Redmond linked the ongoing attacks to an APT group tracked as Storm-0062 and warned that malicious activity dates back to September 14, a full three weeks before Atlassian’s public disclosure of the issue. “Microsoft has observed nation-state threat actor Storm-0062 exploiting CVE-2023-22515 in the wild since September 14, 2023. CVE-2023-22515 was disclosed…

Vulnerabilities

Issued by: DataBreach Today

Cisco has released urgent fixes to a critical vulnerability affecting an emergency communication system used to track callers’ location in real time. A developer inadvertently hard-coded credentials in Cisco Emergency Responder tracking and routing software, opening up a permanent backdoor for potential unauthenticated attackers. At some point in the development cycle, static user credentials for…

News

Issued by: Security Affairs

In September the hospitality and entertainment company MGM Resorts was hit by a ransomware attack that shut down its systems at MGM Hotels and Casinos. The incident affected hotel reservation systems in the United States and other IT systems that run the casino floors. The company now revealed that the costs from the ransomware attack…

Network Security

Issued by: Dark Reading

WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers. Key findings from the research include 95% of malware now arriving over encrypted connections, a decrease in endpoint malware volumes…

News

Issued by: Dark Reading

Pinpoint Search Group, a leading cybersecurity recruitment firm, has unveiled its Q3 2023 cybersecurity funding report. The quarter saw a 21 percent rise in funds raised compared to Q3 2022, painting an optimistic picture of the industry’s growth trajectory, characterized by strategic advancements and heightened interest. In Q3 2023, Pinpoint Search Group’s research team recorded…

Vulnerabilities

Issued by: CSO Online

Cisco patched authentication, privilege escalation, and denial-of-service vulnerabilities this week in several of its products, including one that’s used for identifying the location of 9-1-1 emergency callers. The flaw in Cisco Emergency Responder is caused by the presence of default static credentials for the root account that were used during development but were never removed….

Vulnerabilities

Issued by: Security Affairs

Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting iPhone and iPad devices. The vulnerability is a privilege escalation issue that resides in the Kernel, it was addressed with improved checks. “A local attacker may be able to elevate their privileges. Apple is aware…

Application Security

Issued by: Dark Reading

BeyondID, a leading managed identity solutions provider, today announced the industry’s first solution that accurately conveys the true nature of identity within the zero trust security framework. BeyondID’s Identity Fabric Model for Zero Trust promises optimal threat detection, investigation, and round-the-clock remediation via the BeyondID Security Operations Center (SOC). “The Zero Trust Maturity Model by…