CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic Manager (vTM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2024-7593 (CVSS score: 9.8), which could be exploited by a remote unauthenticated attacker to bypass the

The Hacker News

PDiddySploit Malware Hidden in Files Claiming to Reveal Deleted Diddy Posts

Cybercriminals are exploiting the ongoing Sean “Diddy” Combs scandal by spreading the new PDiddySploit malware hidden in infected…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

6 Cybersecurity Headaches Sports Organizations Have to Worry About

Leaders in professional athletics lament the realities and risks of growth in connected stadium environments, social networks, and legalized gambling.

darkreading

AI can now solve reCAPTCHA tests as accurately as you can

AI doesn’t get every test right, but it’s good enough to look convincingly human. Security pros say AI’s progress is no big deal. Here’s why.

Latest stories for ZDNET in Security

Kansas Water Plant Pivots to Analog After Cyber Event

A water treatment facility in a small city took serious precautions to prevent any bad outcomes from a hazy cyber incident.

darkreading

Telegram to Share User Info With Law Enforcement in Policy Shift

The encrypted messaging service said it will share users’ IP addresses and phone numbers with authorities when requested.

darkreading

Critical Automated Tank Gauge Bugs Threaten Critical Infrastructure

The security vulnerabilities could lead to everything from gas spills to operations data disclosure, affecting gas stations, airports, military bases, and other hypersensitive locations.

darkreading

CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes

CrowdStrike says it has revamped several testing, validation, and update rollout processes to prevent a repeat of the July BSOD incident.

SecurityWeek

Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities

Bitsight finds critical vulnerabilities in several automatic tank gauge (ATG) products used in various critical infrastructure sectors.

SecurityWeek

Necro Android Malware Found in Popular Camera and Browser Apps on Play Store

Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of a known malware loader called Necro.
Kaspersky said some of the malicious apps have also been found on the Google Play Store. They have been cumulatively downloaded 11 million times. They include –

Wuta Camera – Nice Shot Always (com.benqu.wuta) – 10+ million

The Hacker News