#Infosec2024: Nearly All of FTSE 100 Exposed to Third and Fourth-Party Breaches
Virtually all of the UK’s most valuable publicly traded firms have suppliers that suffered a breach in the past year,...
News
Business email compromise: new guidance to protect your organisation
Business email compromise: new guidance to protect your organisation Business email compromise (BEC) occurs when a criminal accesses a work...
Machine learning security principles updated
Machine learning security principles updated The NCSC’s ‘Principles for the security of machine learning’ were originally published in August 2022....
Active Exploitation of High-Severity Vulnerability in Check Point Virtual Private Network (VPN) Products
Check Point has released updates addressing a high severity vulnerability (CVE-2024-24919) affecting their VPN products. The vulnerability is reportedly being...
Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT)...
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a...
Critical Vulnerabilities in FortiSIEM
Fortinet has released updates addressing critical vulnerabilities (CVE-2024-23108 and CVE-2024-23109) affecting their FortiSIEM products. The vulnerabilities have a Common Vulnerability...
US-CERT Vulnerability Summary for the Week of May 20, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Critical Vulnerability in TP-Link Archer C5400X Gaming Router
TP-Link has released security updates to address a critical vulnerability (CVE-2024-5035) affecting their Archer C5400X gaming router product. The vulnerability...
Critical Vulnerabilities in Cacti
Cacti has released security updates addressing critical vulnerabilities in their products. The vulnerabilities are:CVE-2024-29895: Successful exploitation of this vulnerability could allow an...
Active Exploitation of Critical Vulnerability in NextGen Healthcare Mirth Connect
There have been reports of active exploitation of a critical vulnerability (CVE-2023-43208) affecting NextGen Healthcare Mirth Connect. The vulnerability has...
High-Severity Vulnerability in Mozilla PDF.js
Security researchers have discovered a high-severity vulnerability (CVE-2024-4367) in Mozilla PDF.js. Mozilla PDF.js is a PDF viewer that is built into Mozilla...
Active Exploitation of High-Severity Vulnerability in Apache Flink
There have been reports of active exploitation of a high-severity vulnerability (CVE-2020-17519) affecting Apache Flink.Successful exploitation of the vulnerability could...
F5 Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in F5 Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of...
Active Exploitation of High-Severity Vulnerabilities in Google Chrome
There have been reports of active exploitation of high-severity vulnerabilities (CVE-2024-4947 and CVE-2024-5274) affecting Google Chrome. The vulnerabilities are caused...
Active Exploitation of High-Severity Vulnerability in Google Chrome
There have been reports of active exploitation of a high-severity vulnerability (CVE-2024-4947) affecting Google Chrome. The vulnerability is caused by...
Critical Vulnerabilities in WordPress Plugins
Security updates have been released to address critical vulnerabilities in multiple WordPress plugins. The vulnerabilities affect the following plugins: WordPress Copymatic –...
Active Exploitation of Vulnerabilities in D-Link Routers
There have been reports of active exploitation of vulnerabilities affecting D-Link DIR-600 and DIR-605 routers.The vulnerabilities are:CVE-2014-100005: Successful exploitation of the...
Microsoft Edge Multiple Vulnerabilities
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger denial of...
Critical Vulnerabilities in Ivanti Endpoint Manager
Ivanti has released security updates to address critical vulnerabilities (CVE-2024-29822, CVE-2024-29823, CVE-2024-29824, CVE-2024-29825, CVE-2024-29826, and CVE-2024-29827) in Ivanti Endpoint Manager...
Critical Vulnerability in Fluent Bit
Security updates have been released to address a critical vulnerability (CVE-2024-4323) affecting Fluent Bit. The vulnerability has a Common Vulnerability...
Critical Vulnerability in GitHub Enterprise Server
GitHub has released security updates to address a critical vulnerability (CVE-2024-4985) affecting GitHub Enterprise Server (GHES). The vulnerability has a...
Critical Vulnerability in Git
Security updates have been released to address a critical vulnerability (CVE-2024-32002) affecting Git. The vulnerability has a Common Vulnerability Scoring...
Critical Vulnerability in Veeam Backup Enterprise Manager
Veeam has released security updates to address a critical vulnerability (CVE-2024-29849) affecting Veeam Backup Enterprise Manager (VBEM). The vulnerability has...
