Sophos flags concerning firewall security flaws, users told to patch now
Sophos says it found, and patched, three flaws in its firewall product The flaws allowed for RCE and privilege escalation Those unable to apply the patch can use a workaround…
McDonalds delivery customers put at risk by possible data breach
A researcher found a flaw in a McDonalds API which allowed them to hijack orders The bug also leaked sensitive information It was fixed in September 2024, but users should…
North Korean Lazarus hackers are targeting nuclear workers
Kaspersky recently discovered new additions to the Lazarus DreamJob campaign The criminalss targeted two people working in the same nuclear-related firm In the attack, they used updated malware to try…
New Androxgh0st botnet targets vulnerabilities in IoT devices and web applications via Mozi integration
Androxgh0st’s integration with Mozi amplifies global risks IoT vulnerabilities are the new battleground for cyberattacks Proactive monitoring is essential to combat emerging botnet threats Researchers have recently identified a major…
TrueNAS device vulnerabilities exposed during hacking competition
TrueNAS recommends hardening systems to mitigate risks Pwn2Own showcases diverse attack vectors on NAS systems Cybersecurity teams earn over $1 million by finding in exploits At the recent Pwn2Own Ireland…
Open source machine learning systems are highly vulnerable to security threats
MLflow identified as most vulnerable open-source ML platform Directory traversal flaws allow unauthorized file access in Weave ZenML Cloud’s access control issues enable privilege escalation risks Recent analysis of the…
Synology patches critical vulnerabilities, urges users to update devices against zero-click attacks
Synology patches critical zero-click vulnerabilities in NAS devices Attackers can exploit vulnerabilities without user interaction $260,000 was awarded to researchers for discovering exploits Synology has recently patched a critical security…
BeyondTrust says hackers hit its remote support products
BeyondTrust says it spotted an attack in early December 2024 It found some of its Remote Support SaaS instances were compromised It also found and patched two zero-day flaws BeyondTrust…
Safety policies are needed for safe AI adoption, security leaders say
Suyrvey finds Generative AI is being used more than ever in cybersecurity Security leaders overwhelmingly prefer GenAI through platforms The benefits don’t yet outweigh the risks for most New research…
Fortinet flags some worrying security bugs coming back from the dead
A Fortinet flaw, fixed in September 2023, was just flagged in a security bulletin The bug was first discovered in May 2023r, and allows crooks to take over vulnerable endpoints…