New Fortinet Zero-Day Exploited for Months Before Patch

/in

A Fortinet zero-day tracked as CVE-2024-47575 and named FortiJump has been exploited since at least June 2024.

The post New Fortinet Zero-Day Exploited for Months Before Patch appeared first on SecurityWeek.

SecurityWeek – ​Read More

What Is PCI Compliance? A Simple Guide for Businesses

/in

Safeguard your customers’ card data using these industry-standard security protocols.

Security | TechRepublic – ​Read More

Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements

/in

The Penn State university has agreed to pay $1.25 million to settle alleged failure to meet cybersecurity requirements for DoD and NASA contracts.

The post Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements appeared first on SecurityWeek.

SecurityWeek – ​Read More

New Scoring System Helps Secure the Open Source AI Model Supply Chain

/in

AI models from Hugging Face can contain similar hidden problems to OSS downloads from repositories such as GitHub.

The post New Scoring System Helps Secure the Open Source AI Model Supply Chain appeared first on SecurityWeek.

SecurityWeek – ​Read More

Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign

/in

Cisco has released patches for multiple vulnerabilities in ASA, FMC, and FTD products, including an exploited flaw.

The post Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign appeared first on SecurityWeek.

SecurityWeek – ​Read More

Technologist Bruce Schneier on security, society and why we need ‘public AI’ models

/in

The renowned security expert says fully transparent models can help us turn AI into a tool that produces benefits for everyone.

Latest stories for ZDNET in Security – ​Read More

Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation

/in

Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild.
Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol.
“A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may

The Hacker News – ​Read More

‘Prometei’ Botnet Spreads Its Cryptojacker Worldwide

/in

The Russian-language malware primarily enlists computers to mine Monero, but theoretically it can do worse.

darkreading – ​Read More

Hackers Leak 180,000 Esport North Africa User Records a Day Before Tournament Begins

/in

A hacker leaked the personal data of 180,000 Esport North Africa users just before the tournament. While no…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Lazarus Group Exploits Chrome Zero-Day in Latest Campaign

/in

The North Korean actor is going after cryptocurrency investors worldwide leveraging a genuine-looking game site and AI-generated content and images.

darkreading – ​Read More