China-linked APT Volt Typhoon infiltrated a critical infrastructure network in the US and remained undetected for at least five years. US CISA, the NSA, the FBI, along with partner Five Eyes agencies, published a joint advisory to warn that China-linked…
Category: Security Affairs
Cisco fixes critical Expressway Series CSRF vulnerabilities
CISCO fixed two critical flaws in Expressway Series collaboration gateways exposing vulnerable devices to cross-site request forgery (CSRF) attacks. Cisco addressed several vulnerabilities in its Expressway Series collaboration gateways, two of which, tracked as CVE-2024-20252 and CVE-2024-20254, are critical flaws…
CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium V8 Type Confusion bug, tracked as CVE-2023-4762, to its Known…
Fortinet addressed two critical FortiSIEM vulnerabilities
Fortinet warns of two critical OS command injection vulnerabilities in FortiSIEM that could allow remote attackers to execute arbitrary code Cybersecurity vendor Fortinet warned of two critical vulnerabilities in FortiSIEM, tracked as CVE-2024-23108 and CVE-2024-23109 (CVSS score 10), which could…
Experts warn of a critical bug in JetBrains TeamCity On-Premises
A new vulnerability in JetBrains TeamCity On-Premises can be exploited by threat actors to take over vulnerable instances. JetBrains addressed a critical security vulnerability, tracked as CVE-2024-23917 (CVSS score 9.8) in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD)…
Critical shim bug impacts every Linux boot loader signed in the past decade
The maintainers of Shim addressed six vulnerabilities, including a critical flaw that could potentially lead to remote code execution. The maintainers of ‘shim’ addressed six vulnerabilities with the release of version 15.8. The most severe of these vulnerabilities, tracked as CVE-2023-40547 (CVSS…
China-linked APT deployed malware in a network of the Dutch Ministry of Defence
China-linked APT group breached the Dutch Ministry of Defence last year and installed malware on compromised systems. Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report warning that a China-linked APT group breached…
Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG
Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. The latest report published by Google Threat Analysis Group (TAG), titled “Buying Spying, an in-depth report with our insights into Commercial Surveillance…
Google fixed an Android critical remote code execution flaw
Google released Android ’s February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution issue. Google released Android February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution flaw tracked as CVE-2024-0031.…
A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e
A Belarusian and Cypriot national linked with the cryptocurrency exchange BTC-e is facing charges that can lead maximum penalty of 25 years in prison. Aliaksandr Klimenka, a Belarusian and Cypriot national linked with the now-defunct cryptocurrency exchange BTC-e, is facing…