A ransomware group is actively exploiting an unpatched flaw in security tools used across the U.S. federal government, prompting the U.S. cybersecurity agency CISA to order all civilian agencies to remediate the vulnerability by end of day Wednesday.
Cybersecurity firm Check Point Software said the bug affects several of its remote access tools, firewalls, and VPNs, which act as digital gatekeepers to protect company networks from unauthorized access.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- iPhone flaw could read your saved passwords out loud – update now
October 7, 2024
Apple has issued security updates for iOS 18.0.1 and iPadOS 18.0.1 which includes a fix for a bug that could allow a user’s saved passwords to be read aloud by its VoiceOver feature. VoiceOver allows users to use their iPhone or iPad even if they can’t see the screen. It gives audible descriptions of what’s on ...
- CISA flags major Ivanti security flaw – patch now
October 3, 2024
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a known Ivanti bug to its Known Exploited Vulnerabilities (KEV) catalog, signalling that it’s being actively abused in the wild. The bug that was just added is an SQL Injection vulnerability, found this spring in the Core server of Ivanti Endpoint Manager (EPM) 2022 SU5 and ...
- Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks
September 30, 2024
Have you ever wondered why there are so many vulnerable drivers and what might be causing them to be vulnerable? Do you want to understand why some drivers are prone to crossing security boundaries and how we can stop that? Vulnerable drivers not only put the system where they are installed at risk, but they can ...
- Proactive Visibility Is Foundational to Strong Cybersecurity
September 30, 2024
Exposures are more than CVEs, so organizations need to move beyond the traditional thinking of vulnerability management to a holistic view. Part of that view must be greater visibility into devices, users, applications, and all the digital infrastructure connected to an organization’s environment. Gaps in that view create risk exposure. Organizations must proactively identify anything that ...
- Multiple Vulnerabilities in Common Unix Printing System (CUPS)
September 27, 2024
On Thursday, September 26, 2024, a security researcher publicly disclosed several vulnerabilities affecting different components of OpenPrinting’s CUPS (Common Unix Printing System). CUPS is a popular IPP-based open-source printing system primarily (but not only) for Linux and UNIX-like operating systems. According to the researcher, a successful exploit chain allows remote unauthenticated attackers to replace existing printers’ ...
- Zooming in on CVE‑2024‑7965
September 19, 2024
On August 21, Google released an update for Chrome, fixing a total of 37 security flaws. Researchers across the globe paid their attention to the CVE‑2024‑7965 vulnerability described as an inappropriate implementation in the browser’s V8 engine. The vulnerability can lead to remote code execution (RCE) in the Chrome renderer and thus become a starting point ...