A ransomware group is actively exploiting an unpatched flaw in security tools used across the U.S. federal government, prompting the U.S. cybersecurity agency CISA to order all civilian agencies to remediate the vulnerability by end of day Wednesday.
Cybersecurity firm Check Point Software said the bug affects several of its remote access tools, firewalls, and VPNs, which act as digital gatekeepers to protect company networks from unauthorized access.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FBI: Hackers stole government source code via SonarQube instances
October 27, 2020
The Federal Bureau of Investigation (FBI) issued a flash alert warning of hackers stealing data from U.S. government agencies and enterprise organizations via internet-exposed and insecure SonarQube instances. SonarQube is an open-source platform for automated code quality auditing and static analysis to discover bugs and security vulnerabilities in projects using 27 programming languages. Vulnerable SonarQube servers have ...
- Nvidia tackles code execution flaws, data leaks in GeForce Experience
October 23, 2020
Nvidia has resolved a trio of vulnerabilities impacting the GeForce Experience suite. GeForce Experience is software designed by Nvidia with games and live streamers in mind, including driver update management, driver optimization for gaming and graphics cards, and both video & audio capture. On October 22, Nvidia said the firm’s latest security update tackles issues found in ...
- Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser
October 21, 2020
Google released an update to its Chrome browser that patches a zero-day vulnerability in the software’s FreeType font rendering library that was actively being exploited in the wild. Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType. Glazunov ...
- Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio
October 20, 2020
Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. Adobe Illustrator was hit the hardest. There are 16 critical bugs, all of which allow arbitrary code execution in the context of the current user. They affect Adobe Illustrator, Adobe Animate, Adobe After ...
- Cisco warns of attacks targeting high severity router vulnerability
October 20, 2020
Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company’s Cisco IOS XR Software. The IOS XR Network OS is deployed on several Cisco router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers. Read more… Source: Bleeping Computer
- NSA: Top 25 vulnerabilities actively abused by Chinese hackers
October 19, 2020
The U.S. National Security Agency (NSA) warns that Chinese state-sponsored hackers exploit 25 different vulnerabilities in attacks against U.S. organizations and interests. In an advisory issued today, the NSA said that it is aware of targeted attacks by Chinese state-sponsored hackers against National Security Systems (NSS), the U.S. Defense Industrial Base (DIB), and the Department of ...