chief security officer
-
Danish Energy Ministry Cyber Attack Not Linked to Sandworm Hacking Group
An investigation into cyberattacks in the energy sector has revealed that the attacks may not have been perpetrated by a state-sponsored organization, but rather two waves of attacks that exploited vulnerabilities against the unpatched Zyxel firewall. The attacks were not limited to Denmark, but also included Europe and the United States.
-
Critical Remote Code Execution (RCE) Vulnerability Found in Juniper SRX Firewalls and EX Switches
Juniper Networks (NASDAQ: JUNIER) has issued a security vulnerability advisory to fix a critical Remote Code Execution (RCE) vulnerability in the SRX Series Firewalls and EX Series Switches (CVE-2024-21591), as well as another high-risk vulnerability in Junos OS and Junos OS Evolved (CVE- 2024-21611), which can also be exploited by unauthenticated network attackers to cause a denial of service attack. 2024-21611) in Junos OS and Junos OS Evolved, which can also be exploited by an unauthenticated attacker to cause a denial-of-service attack.
-
GitLab Releases Security Patches to Fix High-Risk Vulnerabilities
GitLab has released a security update that fixes two critical vulnerabilities, one of which (CVE-2023-7028) allows an attacker to exploit a flaw in the mailbox authentication process to hijack a user account by sending a password reset email to an unauthenticated mailbox. The vulnerability affects multiple versions of GitLab Community Edition (CE) and Enterprise Edition (EE).GitLab has released a fix and advises users to upgrade to the fixed version as soon as possible and enable dual authentication for added security.
-
X (formerly twitter) security team confirms theft of SEC account
The U.S. Securities and Exchange Commission compromised the X (formerly twitter) account after unidentified individuals took control of the X (formerly twitter) account cell phone number. Approval for the Bitcoin ETF to be listed on all registered national stock exchanges was posted through the account, which did not have two-factor authentication enabled at the time of the theft.The X security team recommends that all users enable two-factor authentication to secure their accounts.
-
Windows & Edge Browser Patch:Microsoft Security Update Fixes 48 New Vulnerabilities
Microsoft Releases January 2024 Security Update, Fixes 48 Vulnerabilities This update covers Windows systems and the Chromium kernel Edge browser.
-
KEV directory released 6 exploited vulnerabilities , involving Apple, Apache, Adobe, D-Link, Joomla!
The U.S. Cybersecurity and Infrastructure Security Administration (CISA) released six exploited vulnerabilities involving vendors Apple, Apache, Adobe, D-Link, Joomla! and others, and the CVE-2023-41990 vulnerability has been fixed by Apple, but is still being exploited by unknown attackers. It is recommended to affected to carry out vulnerability fixes to protect their network security.
-
User Privacy Protection Google Removes Cookies and Apple Cracks Down on Third-Party SDKs
Two tech giants, Google and Apple, announced initiatives to restrict third-party cookies and SDKs in early 2024. These two initiatives are important for protecting user privacy and will have a profound impact on the internet industry.
-
Syrian hacker group releases Silver RAT remote access Trojan tool
The Syrian hacker group calling itself Anonymous Arabia has released a remote access Trojan horse called Silver RAT, which bypasses security software and covertly launches hidden applications.
-
Turkish Hackers Exploit MS SQL Server Vulnerability in Cyber Attacks
Turkish hackers have recently utilized Microsoft SQL (MS SQL) servers, which have weak security globally, to carry out attacks. This action was designed to gain initial access and was linked to financial gain. The attack targeted the U.S., EU and Latin America (LATAM) regions. Researchers at the security firm Securonix named the operation RE#TURGENCE.
-
Google Chrome starts blocking data tracking cookies
Google Chrome is rolling out a new feature designed to disable third-party cookies and improve user privacy protection. The change will first be rolled out in beta form to around 1% users worldwide. While Chrome's main rivals Safari and Firefox already offer similar privacy-protecting features, advertisers have expressed concerns about the move, saying it could hurt their business.