The company has informed customers that its Expressway series and TelePresence Video Communication Server software is affected by two high-severity vulnerabilities. One of them, tracked as CVE-2022-20814 and related to improper certificate validation, can allow a remote, unauthenticated attacker to access sensitive data through a man-in-the-middle attack. Successful exploitation of the flaw can result in…

The company says it has detected unusual activity and decided to ‘reset’ its network and systems as a precaution. It shut down all external connectivity, including its delegated authority platforms, in response to the incident. “Following the unusual activity detected on Lloyd’s network, our precautionary work to secure systems has been completed overnight,” a Lloyd’s…

The flaws were discovered by researchers at industrial cybersecurity firm Claroty in Carlo Gavazzi’s CPY Car Park Server and UWP 3.0 monitoring gateway and controller products. The vendor released patches for the impacted products earlier this year. The Germany-based [email protected], which coordinates the disclosure of vulnerabilities impacting the industrial control system (ICS) and operational technology…

Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying that, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.” About…

GTSC, a cybersecurity company based in Vietnam, reported seeing attacks exploiting two new Microsoft Exchange zero-day vulnerabilities. The firm believes the attacks, which were first seen in August and aimed at critical infrastructure, were launched by a Chinese threat group. Technical details on the vulnerabilities have not been made public, but GTSC did say that…

While published trends in ransomware attacks have been contradictory — with some firms tracking more incidents and other fewer — business email compromise (BEC) attacks continue to have proven success against organizations. BEC cases, as a share of all incident-response cases, more than doubled in the second quarter of the year, to 34% from 17%…

Veristor Systems, Inc., a trusted provider of transformative business technology solutions, and SANS Security Awareness, the global leader in providing security awareness training, today announce that Veristor has become a certified provider of SANS Security Awareness’ comprehensive suite of products to enable a data-driven approach to cybersecurity training for an organization’s end users. “Researchers from…

Aunalytics, a leading data management and analytics company delivering managed IT and data platform services for mid-sized and enterprise businesses, today initiated its Security Patching Platform, Co-managed Patching as a Service to complement the company’s Advanced Security solution suite. Windows OS and supported 3rd party patch management allow for tighter security in the defense against…