Cybersecurity
-
SonicWall Addresses Surge in SSL VPN Activity Linked to Patched Vulnerability
SonicWall has confirmed that recent SSL VPN activity is linked to an older, patched vulnerability and password reuse, urging users to update firmware and reset passwords to enhance security against ongoing attacks.
-
Critical Amazon ECS Vulnerability Exposed: Researchers Present ECScape Attack Method
A critical vulnerability in Amazon Elastic Container Service (ECS) has been discovered, enabling attackers to exploit an ‘end-to-end privilege escalation chain.’ Dubbed ECScape by researchers, the attack could allow malicious containers to gain higher privileges and access sensitive data within cloud environments.
-
Orange Telecom Confirms Cyberattack Disrupting Services for Customers
Orange, a major telecommunications provider, reported a cyberattack affecting French customers, prompting immediate isolation of impacted systems. As the investigation continues, no evidence of data theft has been found, but disruptions to services remain.
-
Google Unveils OSS Rebuild to Enhance Open Source Security Amid Supply Chain Threats
Google has launched OSS Rebuild, a new initiative designed to bolster the security of open-source package ecosystems by providing build provenance and mitigating software supply chain attacks.
-
AMD Issues Warning on New Transient Scheduler Vulnerabilities in Chipsets
AMD has issued a warning regarding new vulnerabilities termed Transient Scheduler Attacks (TSA) that could expose sensitive data across its chipsets, necessitating immediate attention and remedial updates.
-
Pakistan-based Cyber Espionage Group Targets Indian Defence with New Linux Malware
A recent cyber espionage operation by the Pakistan-based group APT36 is targeting Indian defence personnel using sophisticated Linux malware that exploits phishing tactics and malicious software designed specifically for Linux environments.
-
Meta Expands Passkey Support to Facebook for Enhanced Security
Meta Platforms is enhancing security for Facebook users by introducing passkey support, a next-generation authentication method designed to be easier and more secure than traditional passwords. This feature will also integrate with Meta Pay for seamless online transactions.
-
Cisco Issues Urgent Patches for Critical Vulnerabilities in Cloud Services
Cisco has issued patches for critical vulnerabilities in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP), warning of potential exploits that could allow unauthorized access and disruption of services in cloud deployments.
-
Schneider Electric Devices Face Critical Vulnerability Risk
CISA has issued a security alert regarding critical vulnerabilities in Schneider Electric’s products, urging immediate action to mitigate risks and promoting best practices for cybersecurity.
-
Hewlett Packard Enterprise Issues Critical Security Warning for StoreOnce Backup Solutions
Hewlett Packard Enterprise has issued a security warning regarding eight vulnerabilities in its StoreOnce backup solutions, including a critical authentication bypass flaw that could allow for exploitation of other vulnerabilities.
