Fortinet FortiOS and FortiProxy Null Pointer Dereference Vulnerability

Fortinet FortiOS is a Fortinet security operating system on the FortiGate network security platform.Fortinet FortiProxy is a secure network proxy that protects employees from cyberattacks by combining a variety of detection technologies such as Web filtering, DNS filtering, DLP, anti-virus,...

Formatting String Error Vulnerability in Multiple Fortinet Products

Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform.Fortinet FortiProxy is a secure network proxy that protects employees from cyberattacks by combining a variety of detection technologies, such as Web filtering, DNS filtering, DLP, anti-virus,...

Pegasus spyware creator ordered to reveal code used to spy on WhatsApp users

A California federal judge has ordered spyware maker NSO Group to hand over the code for Pegasus and other spyware products that were used to spy on WhatsApp users. Meta-owned WhatsApp has been fighting NSO in court since 2019, after Pegasus was allegedly used against 1,400 WhatsApp users over th...

A Cyber Insurance Backstop

In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after the devastating NotPetya cyberattack in 2017. The malware ultimately infected more than 40,000 of...

Fortinet FortiOS and FortiProxy Out-of-Bounds Write Vulnerability

Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform.Fortinet FortiProxy is a secure network proxy that protects employees from cyberattacks by combining a variety of detection technologies, such as Web filtering, DNS filtering, DLP, anti-virus,...

If only you had to worry about malware, with Jason Haddix: Lock and Code S05E04

Today on the Lock and Code podcast… If your IT and security teams think malware is bad, wait until they learn about everything else. In 2024, the modern cyberattack is a segmented, prolonged, and professional effort, in which specialists create strictly financial alliances to plant malware on...

The Hidden Injustice of Cyberattacks

Cyberattacks and criminal scams can impact anyone. But communities of color and other marginalized groups are often disproportionately impacted and lack the support to better protect themselves...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-43770link is external Roundcube Webmail Persistent Cross-Site Scripting XSS Vulnerability These types of vulnerabilities are frequent attack vectors for maliciou...

FBI and CISA publish guide to Living off the Land techniques

The Cybersecurity and Infrastructure Security Agency CISA, National Security Agency NSA, Federal Bureau of Investigation FBI, and other authoring agencies have released a joint guidance about common living off the land LOTL techniques and common gaps in cyber defense capabilities. Living Off The...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-21762 Fortinet FortiOS Out-of-Bound Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significan...

Summary of Vulnerabilities, Actors & Attacks: January 2024

...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-48618 Apple Multiple Products Memory Corruption Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

Attacks, Vulnerabilities and Actors 22 January to 28 January 2024

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, three instances of adversary activity, and three exploited...

Ukraine Claims Destruction of 280 Russian Servers, 2 Petabytes Lost

By Deeba Ahmed Ukraine Reports Multiple Cyberattacks on Critical Russian Government Infrastructure and Private Companies, Leading to Nationwide Disruption and Massive Data Loss. This is a post from HackRead.com Read the original post: Ukraine Claims Destruction of 280 Russian Servers, 2 Petabytes...

AI likely to boost ransomware, warns government body

The British National Cyber Security Centre NCSC says it expects Artificial Intelligence AI to heighten the global ransomware threat. In a report, the NCSC makes the assessment that AI will almost certainly increase the volume and heighten the impact of cyberattacks over the next two years. We’re...

How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar

From repeatedly crippling thousands of gas stations to setting a steel mill on fire, Predatory Sparrow’s offensive hacking has now targeted Iranians with some of history's most aggressive cyberattacks...

Critical “PixieFail” Flaws Expose Millions of Devices to Cyberattacks

By Deeba Ahmed Quarkslab Discovers "PixieFail" Vulnerabilities: Critical Flaws in Open Source UEFI Code Require Immediate Patching. This is a post from HackRead.com Read the original post: Critical "PixieFail" Flaws Expose Millions of Devices to Cyberattacks...

MFA Spamming and Fatigue: When Security Measures Go Wrong

In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication MFA as a more robust security measure. MFA...

New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks

The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new findings from Forescout show. The intrusions, which targeted around 22 Danish energy organizations in May 2023, occurred in two distinct waves, one...

On IoT Devices and Software Liability

New law journal article: Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberattack via data...