Ionut Arghire

North Korean APT Exploited IE Zero-Day in Supply Chain Attack

A Pyongyang-aligned APT was caught exploiting a recent zero-day in Internet Explorer in a supply chain attack.

October 18, 2024

North Korean Fake IT Workers Extort Employers After Stealing Data

North Korean nationals posing as IT workers have been extorting their employers after gaining insider access.

October 18, 2024

Omni Family Health Data Breach Impacts 470,000 Individuals

Omni Family Health has disclosed a data breach impacting nearly 470,000 current and former patients and employees.

October 18, 2024

CISA, FBI Seek Public Comment on Software Security Bad Practices Guidance

CISA and the FBI are requesting public comment on new guidance regarding risky software security bad practices.

October 17, 2024

F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability

F5 has released patches for a high-severity elevation of privilege vulnerability in BIG-IP and a medium-severity bug in BIG-IQ.

October 17, 2024

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

Cisco has released patches for multiple vulnerabilities in ATA 190 series firmware, including two high-severity flaws.

October 17, 2024

Iranian Hackers Use Brute Force in Critical Infrastructure Attacks

Iranian threat actors use brute force techniques in attacks against critical infrastructure organizations, the US, Australia, and Canada warn.

October 17, 2024

Android 15 Rolling Out With New Theft, Application Protection Features

Google has released Android 15 with new security features to keep devices and sensitive applications better protected.

October 16, 2024

Google Pays Out $36,000 for Severe Chrome Vulnerability

Google has released Chrome 130 in the stable channel to resolve 17 vulnerabilities, including 13 reported by external researchers.

October 16, 2024

CISA Flags Critical SolarWinds Web Help Desk Bug for In-the-Wild Exploitation

CISA warns that a critical-severity hardcoded credentials vulnerability in SolarWinds Web Help Desk is exploited in attacks.

October 16, 2024

Oracle Patches Over 200 Vulnerabilities With October 2024 CPU

Oracle has released 334 new security patches to address roughly 220 unique CVEs as part of its October 2024 Critical Patch Update.

October 16, 2024

GitHub Patches Critical Vulnerability in Enterprise Server

A critical-severity flaw in GitHub Enterprise Server could lead to unauthorized access to the vulnerable instances.

October 15, 2024

Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities

Splunk has released patches for multiple vulnerabilities in Splunk Enterprise, including two high-severity remote code execution flaws.

October 15, 2024

Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack

Automattic has rolled out updates for 101 Jetpack versions released over the past eight years to resolve a critical vulnerability.

October 15, 2024

Open Source Package Entry Points May Lead to Supply Chain Attacks

Entry points in packages across multiple programming languages are susceptible to exploitation in supply chain attacks.

October 15, 2024

Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches

Gryphon Healthcare and Tri-City Medical Center have disclosed data breaches collectively impacting over 500,000 individuals.

October 14, 2024

Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability

The Iran-linked APT OilRig has intensified cyber operations against the United Arab Emirates and the broader Gulf region.

October 14, 2024

Juniper Networks Patches Dozens of Vulnerabilities

Juniper Networks has announced patches for dozens of vulnerabilities in Junos OS, Junos OS Evolved, and third-party components.

October 14, 2024

Tor Browser Update Patches Exploited Firefox Zero-Day

Tor browser version 13.5.7 is rolling out with patches for an exploited zero-day vulnerability recently addressed in Firefox.

October 14, 2024

ShadowLogic Attack Targets AI Model Graphs to Create Codeless Backdoors

HiddenLayer details ShadowLogic, a new method of creating codeless backdoors in AI models by manipulating their graphs.

October 11, 2024

SECURITYWEEK NETWORK:

ICS:

Ionut Arghire

North Korean APT Exploited IE Zero-Day in Supply Chain Attack

North Korean Fake IT Workers Extort Employers After Stealing Data

Omni Family Health Data Breach Impacts 470,000 Individuals

CISA, FBI Seek Public Comment on Software Security Bad Practices Guidance

F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters

Iranian Hackers Use Brute Force in Critical Infrastructure Attacks

Android 15 Rolling Out With New Theft, Application Protection Features

Google Pays Out $36,000 for Severe Chrome Vulnerability

CISA Flags Critical SolarWinds Web Help Desk Bug for In-the-Wild Exploitation

Oracle Patches Over 200 Vulnerabilities With October 2024 CPU

GitHub Patches Critical Vulnerability in Enterprise Server

Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities

Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack

Open Source Package Entry Points May Lead to Supply Chain Attacks

Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches

Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability

Juniper Networks Patches Dozens of Vulnerabilities

Tor Browser Update Patches Exploited Firefox Zero-Day

ShadowLogic Attack Targets AI Model Graphs to Create Codeless Backdoors

Featured

Vulnerabilities

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

Vulnerabilities

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

Hacker Conversations

Hacker Conversations: Isira Adithya, the Evolution of an Ethical Hacker

Artificial Intelligence

AI and Cybersecurity – Everything You Wanted to Know, But Were Afraid to Ask

ICS/OT

Cal Water Investigating Iranian Hackers’ Claims

Network Security

Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks

Ransomware

Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer

Latest News

Identity & Access

Webinar Today: How Modern Breaches Bypass MFA and Evade Detection

Funding/M&A

1Password Acquires Apono in Reported $250M-$300M Deal

Artificial Intelligence

Tenet Security Emerges From Stealth With $6 Million Seed Funding

ICS/OT

Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software

Malware & Threats

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

Vulnerabilities

Oracle’s Second Monthly Security Updates Deliver 245 Patches

Vulnerabilities

Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities

Daily Briefing Newsletter