CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affect FortiOS, FortiPAM, FortiProxy, and FortiWeb.
“A

The Hacker News

Firefox Zero-Day Under Attack: Update Your Browser Immediately

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component.
“An attacker was able to achieve code execution in the content process by exploiting a use-after-free in

The Hacker News

Internet Archive Breach Exposes 31 Million Users

The hack exposed the data of 31 million users as the embattled Wayback Machine maker scrambles to stay online and contain the fallout of digital—and legal—attacks.

Security Latest

AI-Powered Cybercrime Cartels on the Rise in Asia

All across the Asia-Pacific region, large and diverse marketplaces for AI cybercrime tools have developed, with deepfakes proving most popular.

darkreading

Marriott Agrees to Pay $52 million, Beef up Data Security to Resolve Probes Over Data Breaches

Marriott agreed to pay $52 million and make changes to bolster its data security to resolve claims related to major data breaches that affected more than 300 million customers.

SecurityWeek

Mamba 2FA Cybercrime Kit Targets Microsoft 365 Users

A stealthy new underground offering uses sophisticated adversary-in-the-middle (AitM) techniques to convincingly serve up “Microsoft” login pages of various kinds, with dynamic enterprise branding.

darkreading

Hackers Hide Remcos RAT in GitHub Repository Comments

The tack highlights bad actors’ interest in trusted development and collaboration platforms — and their users.

darkreading