+84949482065
According to data gathered by the Shadowserver Foundation, 48,457 Fortinet FortiGate firewalls remain unpatched against a known authentication bypass vulnerability. The vulnerability was disclosed earlier this month; Fortinet released an…
On January 17, the US Cybersecurity & Infrastructure Security Agency (CISA) and the FBI published version 2.0 of "Product Security Bad Practices," revised to include information from 78 suggestions received…
Silverfort researchers revealed a bypass for Microsoft's Active Directory Group Policy disabling NTLMv1, exploiting a misconfigured Netlogon Remote Protocol setting. Despite policy restrictions, applications can re-enable NTLMv1, risking relay attacks.…
A half-dozen recently disclosed vulnerabilities in the Rsync file synchronization tool include a pair of flaws that when combined could allow arbitrary code execution: CVE-2024-12084 is a critical heap-based buffer…
The Polish government is aggressively pursuing an inquiry into the previous administration’s use of Pegasus spyware against several hundred people between 2017 and 2022. Poland’s former internal security services chief…
Zabbix disclosed a critical SQL injection vulnerability (CVE-2024-42327) in the CUser.get function in their open-source network monitoring tool. The vulnerability could be exploited by anyone with “a non-admin user account…
Costa Rican energy provider Refinadora Costarricense de Petróleo (RECOPE) reverted to manual operations last week following a ransomware attack. RECOPE “imports, refines and distributes fossil fuels across the country while…
Researchers from the Sysdig Threat Research Team detected a campaign that targeted exposed Git configuration files to steal over 15,000 cloud account and email service credentials. The threat actors reportedly…
Peru’s Interbank says that a data breach may have compromised the personal information of as many as three million customers. Interbank is one of Peru’s largest financial institutions. Earlier this…
MITRE's Center for Threat-Informed Defense, in collaboration with 15 private-sector organizations to develop the AI Incident Sharing Initiative. The project is part of MITRE’s Adversarial Threat Landscape for Artificial-Intelligence Systems…
