Tag Archive for: Roundup

Deserialized web security roundup – Fortinet, Citrix bugs; another Uber breach; hacking NFTs at Black Hat


Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

Deserialized web security roundup

Our second web security roundup begins with news that a brace of network security flaws in products from Fortinet and Citrix have each come under active attack.

These attacks were respectively enabled by memory corruption vulnerabilities in the FortiOS SSL-VPN as well as a critical arbitrary code execution risk in Citrix ADC and Citrix Gateway (CVE-2022-27518). It’s unclear whether these assaults are linked, but their occurrence can still be said to underline the importance of patching SSL VPN devices, which have previously been vectors for pushing ransomware onto enterprise networks, among other attacks.

Uber this week suffered a data breach as a result of a cybersecurity incident at a third-party vendor, resulting in the exposure of employees’ personal information. The incident represents only the latest security breach to impact the ride-hailing app firm, which was previously faulted for the delayed disclosure of a 2016 breach that exposed the account records of customers and drivers. More recently, back in September, Uber’s internal IT systems were breached by a social engineering attack.

Over at Black Hat Europe, security researcher Nitesh Dhanjani discussed the impact of floor prices of non-fungible token (NFT) collections and how attacks focused on business dynamics have the potential to wreak havoc on marketplaces. Dhanjani also spoke about off-chain and on-chain sync algorithms, and how the disparities between the two blockchain-related environments can be abused.

I also attended the event for The Daily Swig, reporting on a keynote in which security researcher Daniel Cuthbert said the industry’s fixation on zero-day vulnerabilities was only a partial solution to making the internet fundamentally secure. We also covered some of the top hacking tools from the event.

Among other stories on The Daily Swig in recent days was an Akamai WAF bypass via Spring Boot, SQL injection payloads being smuggled past WAFs, and a crypto maintainer rejecting a bogus cryptocurrency ‘vulnerability’ submitted with the help of ChatGPT.

Here are…


Cybersecurity News Round-Up: Week of October 10, 2022


Australian police secret agents exposed in Colombian data leak, White House to roll out Energy Star-like ratings for IoT, a new data breach at Toyota

*** This is a Security Bloggers Network syndicated blog from Blog Feed authored by Blog Feed. Read the original post at: https://www.globalsign.com/en/blog/cybersecurity-news-round-week-october-10-2022


Cybersecurity News Round-Up: Week of August 8, 2022


Welcome back to our blog! It’s been yet another fascinating week in cybersecurity. 

We begin in China, where a hacker has claimed to have stolen the personal information of nearly 49 million users of Shanghai’s Covid app. In a post on Wednesday to Breach Forums, a hacker with the alias “XJP” stated “This DB (database) contains everyone who lives in or visited Shanghai since Suishenma’s adoption,” and provided a sample of the data including the phone numbers, names and Chinese identification numbers and health code status of 47 people. Reuters contacted eleven of the 47 people. Only two said their identification numbers were wrong.

In the UK, the National Health System has been dealing with a serious security incident after an attack last Thursday against a key service provider. According to The Guardian, “at least nine NHS mental health trusts have been affected by the outage, reducing their access to patients’ records.” The story goes on to say that “The cyber-attack targeted systems used to refer patients for care, including ambulances being dispatched, out-of-hours appointment bookings, triage, out-of-hours care, emergency prescriptions and safety alerts. It also targeted the finance system used by the trust.”

Also in Europe, a massive attack hit the website of the German Chambers of Industry and Commerce (DIHK), forcing the organization to shut down its IT systems as a precautionary measure for security reasons. As of earlier this week, the DIHK said it was relying only on phone and fax for communications. Michael Bergmann, chief executive of DIHK, described the attack as serious and massive; he also added that the organization was not able to estimate how long its systems would be down.

On Wednesday, networking giant Cisco released details about a breach that occurred in May. While the cybercriminals responsible for the May 24th incident stole some information, the company says the business wasn’t impacted. According to Dark Reading “[W]e took immediate action to contain and eradicate the bad actors, remediate the impact of the incident, and further harden our IT environment,” a company spokesman said in the statement sent to Dark Reading….


Cybersecurity News Round-Up: Week of April 25, 2022


Coca-Cola investigates a possible cyber intrusion, T-Mobile admits to a data breach last month, the Conti ransomware gang strikes the government of Costa Rica and a French hospital and healthcare system is forced to disconnect all incoming and outgoing Internet connections

*** This is a Security Bloggers Network syndicated blog from Blog Feed authored by Blog Feed. Read the original post at: https://www.globalsign.com/en/blog/cybersecurity-news-round-week-april-25-2022
