Please turn on your JavaScript for this page to function normally.
Google Meet
Fake Google Meet pages deliver infostealers

Users of the Google Meet video communication service have been targeted by cyber crooks using the ClickFix tactic to infect them with information-stealing malware. Fake Google …

Fyodor Yarochkin
The role of compromised cyber-physical devices in modern cyberattacks

Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution …

time
Defenders must adapt to shrinking exploitation timelines

A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 …

dark web
Attackers deploying red teaming tool for EDR evasion

Threat actors are leveraging the open-source EDRSilencer tool to evade endpoint detection and response systems, Trend Micro researchers have noticed. About EDRSilencer The …

Fortinet
87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)

Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls …

EU
EU adopts Cyber Resilience Act to secure connected products

The EU Council has adopted the Cyber Resilience Act (CRA), a new law that aims to make consumer products with digital components safe(r) to use. CRA requirements The CRA …

Firefox
Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About …

Internet Archive
Internet Archive data breach, defacement, and DDoS: Users’ data compromised

The Internet Archive has suffered a data breach, leading to the compromise of email addresses, screen names and bcrypt password hashes of some 31 million users. The compromise …

GitLab
Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security …

Patch Tuesday
Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug …

Ivanti
Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)

Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day bug the company …

Qualcomm
Qualcomm zero-day under targeted exploitation (CVE-2024-43047)

An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About …

Don't miss

Cybersecurity news