Feds Warn on Russian Actors Targeting Critical Infrastructure
In the past, Putin’s Unit 29155 has utilized malware like WhisperGate to target organizations, particularly those in Ukraine.
darkreading – Read More
CISA Flags ICS Bugs in Baxter, Mitsubishi Products
The vulnerabilities affect industrial control tech used across the healthcare and critical manufacturing sectors.
darkreading – Read More
AI Firm’s Misconfigured Server Exposed 5.3 TB of Mental Health Records
A misconfigured server from a US-based AI healthcare firm Confidant Health exposed 5.3 TB of sensitive mental health…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible.
The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10.
“An improper access control vulnerability has been identified in the SonicWall SonicOS management
The Hacker News – Read More
Cybersecurity Talent Shortage Prompts White House Action
The Biden administration launches an initiative to encourage careers in cybersecurity, as businesses try new tactics to get unfilled IT security roles staffed.
darkreading – Read More
US Gov Removing Four-Year-Degree Requirements for Cyber Jobs
The US government will remove “unnecessary degree requirements” in favor of skills-based hiring to help fill 500,000 open cybersecurity jobs.
The post US Gov Removing Four-Year-Degree Requirements for Cyber Jobs appeared first on SecurityWeek.
SecurityWeek – Read More
One million US Kaspersky customers to be migrated to this lesser-known alternative
Kaspersky customers in the US can continue their existing subscriptions with a replacement product from the company’s ‘trusted partner’. Here’s what to know.
Latest stories for ZDNET in Security – Read More
GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk.
The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances.
In
The Hacker News – Read More
GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages.
These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com).
Adversaries targeting open-source repositories across
The Hacker News – Read More
New global standard aims to build security around large language models
The WDTA framework spans the lifecycle of large language models, offering guidelines to manage integration with other systems.
Latest stories for ZDNET in Security – Read More