urgent
-
A critical security vulnerability has been discovered in Siemens TeleControl Server Basic V3.1, a software solution used for remote monitoring and control of industrial plants. The vulnerability, identified as CVE-2024-44102 and assigned a CVSSv4 score of 10 (the highest severity rating), could allow an unauthenticated attacker to execute arbitrary code on affected devices, potentially leading…
-
Hewlett Packard Enterprise (HPE) has issued critical security patches to address several vulnerabilities affecting its Aruba Networking Access Point products. These vulnerabilities (CVE-2024-42509 and CVE-2024-47460), including two particularly severe flaws, could allow unauthenticated attackers to execute arbitrary commands remotely, potentially compromising the security of affected systems.
-
The Indian Computer Emergency Response Team (CERT-In) has issued a warning about newly discovered vulnerabilities in Google Chrome that could pose significant risks to users.
-
Overview: A recently discovered high-severity vulnerability, tracked as CVE-2024-10443 and dubbed “RISK:STATION,” poses a significant threat to Synology NAS users worldwide.
-
Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has recently alerted users to multiple vulnerabilities in Apple products following the release of vital security updates on October 28, 2024. These Apple vulnerabilities could potentially allow cyber threat actors to exploit weaknesses in the software, emphasizing the importance of timely updates for safeguarding systems. Apple product…
-
When a large hospital in an urban area is shut down by ransomware, the IT disruption can be significant, but when a rural hospital faces a similar cyber outage, the impact on patient safety and the community can be extreme, said Nitin Natarajan, deputy director of the Cybersecurity and Infrastructure Security Agency.
-
Nvidia, the global leader in graphics processing units (GPUs), is synonymous with high-performance gaming and computational graphics. Hardware provided by this company has become part of millions of users’ systems, powering everything from stunning game visuals to cutting-edge Machine Learning apps.
-
Since data is the lifeblood of modern business, ransomware protection must be a top priority for enterprises, as cybercriminals are constantly targeting it.
-
Cisco has disclosed an actively exploited vulnerability (CVE-2024-20481) in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that could allow attackers to launch denial-of-service (DoS) attacks against Remote Access VPN (RAVPN) services. This vulnerability carries a CVSS score of 5.8 and affects devices running vulnerable releases of ASA or FTD software with…
-
A critical security vulnerability has been discovered in the widely-used Guix system, particularly affecting the guix-daemon. This flaw could allow local users to escalate privileges, potentially tampering with the builds’ outputs in multi-user environments. At the issue’s core lies the guix-daemon’s handling of build outputs, particularly when builds fail. According to the advisory, “guix-daemon has…
-
The United Kingdom announced that it, along with France and Algeria, has called for an urgent meeting at the United Nations Security Council (UNSC) to discuss the humanitarian situation in Gaza while the Prime Minister Keir Starmer said that the UK was considering sanctions on Israeli Ministers.
-
As cyber threats against government agencies and critical infrastructure continue to grow, federal cybersecurity leaders must expand their focus beyond IT to include threats against all physical and virtual assets connected to the network, such as operational technology, the internet of things, building management systems and more.
-
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, emphasizing the pressing need for organizations to address these risks promptly.
-
Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has released a critical advisory report highlighting vulnerabilities recently added to the Known Exploited Vulnerability (KEV) catalog. These vulnerabilities pose risks to organizations and require immediate attention.
-
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime
-
A recent security announcement from security researcher Serhii Boiarynov at the Zyxel EMEA team has uncovered malicious activity targeting Zyxel security appliances. Attackers are exploiting previously known vulnerabilities in the ATP and USG FLEX series to steal credentials and gain unauthorized access via SSL VPN tunnels. This activity has been traced to devices running outdated…
-
Mozilla issued an urgent Firefox update to fix an actively exploited flaw
-
Oct 10, 2024 | Ravie Lakshmanan | Vulnerability / Network Security
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new security flaws to its Known Exploited Vulnerabilities (KEV) catalog, following confirmed reports of active exploitation in the wild. The addition of these vulnerabilities signals the urgent need for organizations to implement patches and safeguard their systems. Among the affected platforms are Fortinet and…