SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

/in

SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible.
The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10.
“An improper access control vulnerability has been identified in the SonicWall SonicOS management

The Hacker News – ​Read More

Cybersecurity Talent Shortage Prompts White House Action

/in

The Biden administration launches an initiative to encourage careers in cybersecurity, as businesses try new tactics to get unfilled IT security roles staffed.

darkreading – ​Read More

US Gov Removing Four-Year-Degree Requirements for Cyber Jobs

/in

The US government will remove “unnecessary degree requirements” in favor of skills-based hiring to help fill 500,000 open cybersecurity jobs.

The post US Gov Removing Four-Year-Degree Requirements for Cyber Jobs appeared first on SecurityWeek.

SecurityWeek – ​Read More

One million US Kaspersky customers to be migrated to this lesser-known alternative

/in

Kaspersky customers in the US can continue their existing subscriptions with a replacement product from the company’s ‘trusted partner’. Here’s what to know.

Latest stories for ZDNET in Security – ​Read More

GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware

/in

A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk.
The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances.
In

The Hacker News – ​Read More

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

/in

Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages.

These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com).

Adversaries targeting open-source repositories across

The Hacker News – ​Read More

New global standard aims to build security around large language models

/in

The WDTA framework spans the lifecycle of large language models, offering guidelines to manage integration with other systems.

Latest stories for ZDNET in Security – ​Read More

Report: 83% of Organizations Experienced at Least One Ransomware Attack in the Last Year

/in

According to Onapsis, 83% of organizations experienced a ransomware attack in the past year. Of those, 46% experienced four or more attacks, and 14% faced 10 or more. The attacks resulted in at least 24 hours of downtime for 61% of respondents.

Cyware News – Latest Cyber News – ​Read More

MuddyWater Hijacks RMM Software for Espionage

/in

MuddyWater, an Iranian hacker group since 2017, has been using legitimate RMM software to target organizations globally, focusing on government, military, telecom, and oil sectors.

Cyware News – Latest Cyber News – ​Read More

Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild

/in

SonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild.

The post Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild appeared first on SecurityWeek.

SecurityWeek – ​Read More