All the latest blog posts from the most relevant cyber security companies in the business.

Cisco on Monday asked customers to urgently disable the HTTP Server feature on internet-facing systems that was discovered to have a critical vulnerability in its modular operating system’s web interface. Hackers exploited the IOS XE software web user interface feature to gain administrator-level privileges, effectively taking complete control of compromised devices, Cisco Talos said in…

The European Union will soon set up a dedicated office to oversee the implementation of the AI Act, especially by big-tech companies such as OpenAI, said a key European lawmaker. The European Parliament in June approved regulations intended to mitigate AI’s potential for negative effects on society. The AI Act entered final negotiations this month…

Cisco warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance Center (TAC) support cases. The vulnerability can be exploited by an attacker to gain administrator privileges and take…

A British financial regulator fined American credit reporting agency Equifax 11 billion pounds for its role in one of the world’s largest data breaches. Chinese military hackers in 2017 exploited a vulnerability in Equifax’s online dispute portal to download the personal data of nearly 14 million residents of the United Kingdom as well as approximately…

A threat actor is using compromised Skype and Microsoft Teams accounts to distribute DarkGate, a troublesome loader associated with multiple malicious activities, including information theft, keylogging, cryptocurrency miners, and ransomware such as Black Basta. Forty-one percent of the targets of the campaign — which appears to have begun in August — are organizations in the…

Apple has released iOS 16.7.1 and iPadOS 16.7.1 to address the recently disclosed zero-day CVE-2023-42824. The vulnerability is a privilege escalation issue that resides in the Kernel, it was addressed with improved checks. Last week, Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting…

Cisco’s massive $28 billion acquisition of Splunk in September was the financial highlight of a quarter during which several other vendors also made strategic purchases to position themselves for emerging enterprise requirements around cloud, application, and identity security. The acquisitions added to a better-than-expected quarter ended Sept. 30, 2023, with venture funding also picking up…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog, including a high-severity flaw (CVE-2023-21608) (CVSS score: 7.8) in Adobe Acrobat Reader. The flaw is a use-after-free issue, an attacker can trigger the flaw to achieve remote code execution (RCE) with the privileges of the current user….