The US Cybersecurity and Infrastructure Security Agency (CISA) has released seven advisories this week about vulnerabilities in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) software from various vendors. These advisories cover critical flaws, two of which have public exploits. The affected products include ScadaFlex II controllers made by Industrial Control Links, Screen Creator Advance 2 and Kostac PLC programming software from JTEKT...
Read More
Microsoft Unveils 'Security Copilot' Tool to Boost Cybersecurity Efforts. Microsoft has launched a new tool designed to help cyber security professionals detect and identify breaches and threat signals more efficiently. Called 'Security Copilot', the tool is powered by OpenAI's latest GPT-4 generative artificial intelligence model. Its primary function is to aid security analysts in tasks such as summarising incidents, analysing vulnerabilities, and sharing information with colleagues...
Read More
Popular e-commerce plug-in, WooCommerce, used for WordPress-based online stores, has been found to contain a critical vulnerability that could allow attackers to take over websites. While technical details about the vulnerability have not been published, the WooCommerce team has released updates, and attackers could reverse-engineer the patch. The vulnerability allows for unauthenticated administrative takeover of websites. Website administrators using this plugin are advised to issue the...
Read More
Aruba Networks Releases Patches for Eight Vulnerabilities in ClearPass Policy Manager Software. Aruba Networks, a leading provider of network access enforcement solutions, has recently disclosed a set of patches to address eight vulnerabilities in its ClearPass Policy Manager software. The software is used to enforce unified network access across wireless, wired, and VPN networks. The most severe vulnerability, CVE-2023-25589, was discovered by New Zealander pentester Daniel Jensen....
Read More
Microsoft Releases 76 Fixes in Latest Patch Tuesday Collection. Microsoft has released a collection of 76 fixes for various vulnerabilities as part of its Patch Tuesday update. Of these, two bugs are currently under active exploitation. One of the bugs, CVE-2023-23415, appears to be a “ping of death” and is an ICMP remote code execution (RCE) vulnerability with a CVSS score of 9.8. Attackers can exploit this...
Read More
Cybercriminals are increasingly turning to stolen credentials as a valuable commodity on the underground market. According to a report by cybersecurity firm Flashpoint, last year saw 4,518 data breaches reported, with attackers stealing or exposing 22.62 billion credentials and personal records. Over 60% of these were stolen from organizations in the information sector. Flashpoint's database of threat intelligence includes 575 million posts on illegal forums, 3.6...
Read More
Cisco has released software fixes for multiple versions of firmware running on some of its IP phones, the company announced in an advisory. The advisory covers two vulnerabilities that affect six products, including the 6800 series, 7800 series, and 8800 series phones running the company’s multiplatform firmware. The first vulnerability, CVE-2023-20078 (CVSS score 9.8), allows an unauthenticated remote attacker to send a crafted request to the...
Read More
Today marks a significant milestone in the cyber threat landscape, as the first publicly known malware capable of bypassing Secure Boot defenses has been discovered. Dubbed BlackLotus, the stealthy Unified Extensible Firmware Interface (UEFI) bootkit is being offered for sale at $5,000 and is programmed in Assembly and C. According to ESET, a Slovak cybersecurity company, BlackLotus is capable of running on fully up-to-date Windows 11...
Read More
Today, Google announced that it is working with ecosystem partners to strengthen the security of firmware that interacts with Android. This is part of the company's defense-in-depth strategy, which seeks to protect the platform from malicious attacks. The Android operating system runs on what is known as the application processor (AP), but it is only one of many processors on a system-on-chip (SoC). These processors are...
Read More
The security of Fortinet FortiNAC appliances is under attack, with proof-of-concept exploit code now available and active exploitation attempts in the wild. FortiNAC is a zero-trust network access solution that can be deployed both as a hardware device or as a virtual machine appliance, and is used for network segmentation, visibility, and control of devices and users connected to the network. With more than 700,000 Fortinet...
Read More