Canon has patched critical buffer-overflow bugs in its printers that could allow attackers to remotely perform denial of service or execute arbitrary code, emphasizing the importance of promptly updating firmware.
Crypto agility, including the ability to rapidly switch between certificate authorities and encryption standards, is essential for securing digital infrastructure in today’s automated operational environment.
The framework has successfully identified vulnerabilities in C/C++ projects, including two in cJSON and libplist, which might have remained undiscovered without the use of large language models.
New Vulnerabilities in Azure HDInsight Could Have Led to Privilege Escalations and Denial of Service
These vulnerabilities could have allowed attackers to gain cluster administrator privileges, disrupt operations, and negatively impact the availability and reliability of the affected systems.
Companies are bracing for a significant increase in cyber threats in 2024, with 96% of respondents expecting the threat of cyberattacks to their industry to rise, and 71% predicting an increase of more than 50%, according to Cohesity.
Verizon Communications has reported an insider data breach affecting nearly half of its workforce, exposing sensitive employee information such as names, addresses, Social Security numbers, and compensation details.
Chinese state-sponsored hackers breached the internal computer network of the Dutch Ministry of Defence using a vulnerability in FortiGate devices. The breach was for espionage purposes and the malware was found in a compartmentalized network.
The FortiSIEM product from Fortinet has been found to have two new critical vulnerabilities, CVE-2024-23108 and CVE-2024-23109, which allow for remote code execution by unauthenticated attackers.
While it is unclear whether a ransom was paid, the company stated that client transaction data was not accessed during the attack. The attack occurred amidst a major business deal, but experts predicted minimal disruption to EquiLend’s operations
The threat actors behind the campaign utilized multiple stages and techniques, including obfuscation and leveraging open platforms, to carry out the attack and steal sensitive information.