Cisco on Monday patched a zero-day vulnerability discovered months ago that allowed a China-nexus hacker to execute arbitrary commands as root on the compromised devices. The threat group, dubbed Velvet Ant, remotely connected to Cisco’s NX-OS software used in switches and executed malicious code. In an advisory, the networking giant attributes the discovery to cybersecurity…

The critical bug, tracked as CVE-2024-31320, impacts Android versions 12 and 12L and allows an attacker to escalate privileges on a vulnerable device. “The most severe of these issues is a critical security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed,” Google explains in…

Juniper Networks has released an emergency patch for a critical authentication bypass vulnerability that has been assigned the highest possible CVSS score of 10. The vulnerability, tracked under CVE-2024-2973, affects the Juniper Networks Session Smart Router, Session Smart Conductor, and WAN Assurance Router, and could allow a threat actor to take full control of an…

Two weeks ago, Change Healthcare began notifying thousands of medical practices about a massive data breach affecting millions of patients. The healthcare software firm says it will handle breach notifications, but industry groups want to guarantee the government will go along with that plan. If not, the groups fear that small medical practices, hospitals and…

Vulnerabilities in internet-connected temperature monitoring devices mainly used in hospitals, and their accompanying desktop application, could allow hackers to gain administrator privileges to the technology. Researchers at Nozomi Networks uncovered four vulnerabilities in Sensor Net Connect and three flaws in the Thermoscan IP desktop application, both made by a division of French firm Proges Plus….

Infinidat, a leading provider of enterprise storage solutions, has introduced a new automated cyber resiliency and recovery solution that will revolutionize how enterprises can minimize the impact of ransomware and malware attacks. Infinidat’s InfiniSafe® Automated Cyber Protection (ACP) is a first-of-its-kind cybersecurity integration solution that is designed to reduce the threat window of cyberattacks, such…

More reasons to beware breathless reporting about a ransomware group’s latest supposed victim: LockBit’s claim to have breached the U.S. Federal Reserve Bank. The Fed, based in Washington, is America’s central bank. It works with 12 regional Fed banks. If any aspect of that system fell victim to ransomware-wielding groups – or had data exfiltrated,…

Optiv, the cyber advisory and solutions leader, has published its 2024 Threat and Risk Management Report, which examines how organizations’ cybersecurity investments and governance priorities are keeping up with the evolving threat landscape. Based on an independent Ponemon Institute survey, the report reveals a 59% increase in cyber budgets year-over-year. Additionally, 63% of organizations with…

A cybercrime group is demanding $8 million after compromising Indonesia’s national data center — an amount the government is refusing to pay. More than 200 government agencies have been disrupted by the cyberattack since June 20, according to Samuel Abrijani Pangerapan, director general of informatics applications with the Communications and Informatics Ministry. He told the…