CISA isn’t inclined to call out technology vendors when their fundamental errors impact customers — officials contend they can make a greater impact by discerning and generalizing those mistakes for a broader audience.
The vulnerabilities were found in the Cinterion EHS5-E series modem, but other Telit Cinterion products with similar software and hardware architecture are also likely impacted, including Cinterion BGS5, EHS5/6/7, PDS5/6/8, ELS61/81, and PLS62.
Regulators are increasingly focusing on IoT device security due to the vulnerabilities present in many IoT devices. The lack of expertise among manufacturers in securing connected products has led to significant security risks.
The Cobalt State of Pentesting Report highlights the challenges faced by the cybersecurity industry in balancing the use of AI and protecting against it, amidst significant workforce reductions and resource constraints.
Boeing confirmed to CyberScoop that it is the unnamed multinational aeronautical and defense corporation referenced in an indictment unsealed Tuesday by the U.S. Department of Justice.
CISA announced the first round of commitments at the RSA Conference on Wednesday, with Director Jen Easterly warning that it was necessary because of widespread hacking campaigns by nation-states like China.
Poland’s CERT-PL said on Wednesday that it had observed a large-scale malware campaign, likely carried out by the hacker group APT28, also known as Fancy Bear, associated with Russia’s military intelligence agency, the GRU.
Researchers have not yet identified any AI-engineered cyberattack campaigns, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention.
CISOs stress the importance of DevSecOps automation to mitigate risks associated with AI and emphasize the need for modernized security tools to combat evolving cyber threats and comply with regulations.
In the attack chain observed by Juniper Threat Labs, CVE-2023-46805 is exploited to gain access to the “/api/v1/license/key-status/;” endpoint, which is vulnerable to command injection, and inject the payload.