A ransomware group is actively exploiting an unpatched flaw in security tools used across the U.S. federal government, prompting the U.S. cybersecurity agency CISA to order all civilian agencies to remediate the vulnerability by end of day Wednesday.
Cybersecurity firm Check Point Software said the bug affects several of its remote access tools, firewalls, and VPNs, which act as digital gatekeepers to protect company networks from unauthorized access.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers
August 29, 2022
A critical command-injection vulnerability in multiple API endpoints of Atlassian Bitbucket Server and Data Center could allow an unauthorized attacker to remotely execute malware, and view, change, and even delete data stored in repositories. Atlassian has fixed the security holes, which are present in versions 7.0.0 to 8.3.0 of the software, inclusive. Luckily there are no ...
- Smartphone gyroscopes threaten air-gapped systems, researcher finds
August 23, 2022
An Israeli security researcher known for foiling air gap security measures has published a reminder of just how vulnerable the approaches are to both visual and ultrasonic threats. A pair of preprint papers from Mordechai Guri, head of R&D at Ben-Gurion University’s Cyber Security Research Labs, detail new methods for transmitting data ultrasonically to smartphone gyroscopes ...
- CISA releases 7 Industrial Control Systems Advisories
August 22, 2022
CISA has released 7 Industrial Control Systems (ICS) advisories on August 23, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-235-01 ARC Informatique PcVue ICSA-22-235-02 Delta Industrial Automation DIALink ICSA-22-235-03 myScada Pro ICSA-22-235-05 Measuresoft ScadaPro Server ICSA-22-235-06 ...
- Two years on, Apple iOS VPNs still leak IP addresses
August 19, 2022
Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, leaving identifying IP traffic data exposed, and there’s no sign of a fix. Back in early 2020, secure mail provider ProtonMail reported a flaw in Apple’s iOS version 13.3.1 that prevented VPNs from encrypting all traffic. The issue was that the ...
- Apple releases Safari 15.6.1 to fix zero-day bug used in attacks
August 18, 2022
Apple has released Safari 15.6.1 for macOS Big Sur and Catalina to fix a zero-day vulnerability exploited in the wild to hack Macs. The zero-day patched today (CVE-2022-32893) is an out-of-bounds write issue in WebKit that could allow a threat actor to execute code remotely on a vulnerable device. “Processing maliciously crafted web content may lead to ...
- Janet Jackson music video declared a cybersecurity vulnerability
August 18, 2022
The music video for Janet Jackson’s 1989 pop hit Rhythm Nation has been recognized as a cybersecurity vulnerability after Microsoft reported it can crash old laptop computers. “A colleague of mine shared a story from Windows XP product support,” wrote Microsoft blogger Raymond Chen. The story detailed how “a major computer manufacturer discovered that playing the music ...