CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List

/in

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that

The Hacker News – ​Read More

India’s Rapido exposed user and driver data through leaky website feedback form

/in

Rapido restricted access to the exposed portal soon after TechCrunch contacted the company.

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – ​Read More

Play Ransomware Claims Krispy Kreme Breach, Threatens Data Leak

/in

KEY SUMMARY POINTS Krispy Kreme, the beloved doughnut chain, disclosed a data breach on December 11, 2024, in…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Fortinet Addresses Unpatched Critical RCE Vector

/in

Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files.

darkreading – ​Read More

OT/ICS Engineering Workstations Face Barrage of Fresh Malware

/in

Cyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes.

darkreading – ​Read More

Traveling soon? You can share your luggage’s location with these airlines now, thanks to Apple AirTags

/in

With the latest OS versions, you can generate an AirTag link to help airline personnel track down your missing luggage. Apple says privacy safeguards are built in.

Latest stories for ZDNET in Security – ​Read More

Routers with default passwords are attracting Mirai infections, Juniper says

/in

Beginning December 11, customers started reporting “suspicious behavior” on their Session Smart Routers, Juniper says, and they had one thing in common: They were still using the factory-set passwords on the devices.

The Record from Recorded Future News – ​Read More

3 holiday email scams to watch for – and how to stay safe

/in

Some of the messages in your Gmail inbox this season are not very nice. Google provides guidance on protecting yourself from the naughty ones.

Latest stories for ZDNET in Security – ​Read More

Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2

/in

A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn’t enough to fix it.

darkreading – ​Read More

Vendors Chase Potential of Non-Human Identity Management

/in

Non-human identities authenticate machine-to-machine communication. The big challenge now is to secure their elements and processes — before attackers can intercept.

darkreading – ​Read More