The Bluetooth protocol suffers from an authentication bypass flaw, CVE-2023-45866, allowing attackers within Bluetooth range to connect to vulnerable devices without user confirmation. This flaw, …
US, UK Announce Charges and Sanctions Against Two Russian Hackers
The United States and the United Kingdom have taken legal actions against two Russian individuals linked to cyber operations conducted for Russia's FSB security service. Ruslan Aleksandrovich …
Russian APT Used Zero-Click Outlook Exploit
The cybersecurity firm Palo Alto Networks disclosed that APT28, a Russian state-sponsored threat group, exploited a zero-click Outlook vulnerability (CVE-2023-23397) in attacks targeting around 30 …
WordPress 6.4.2 Patches Remote Code Execution Vulnerability
The latest security update from WordPress tackles a critical remote code execution (RCE) vulnerability that stems from a property-oriented programming (POP) chain issue. This flaw, introduced in …
23andMe Says Hackers Saw Data From Millions of Users
The personal genetics firm 23andMe recently confirmed a cyberattack that accessed data from around 6.9 million of its members. Although the hackers breached only about 0.1 percent of customer accounts …
21 Vulnerabilities in Sierra Wireless Routers Could Expose Critical Infrastructure to Attacks
Forescout recently identified 21 vulnerabilities, named 'Sierra:21', in Sierra Wireless AirLink OT/IoT routers, with one critical and nine high-severity flaws. These vulnerabilities encompass issues …
Adobe ColdFusion Vulnerability Exploited in Attacks on US Government Agency
The US cybersecurity agency CISA issued an alert cautioning organizations about the exploitation of the Adobe ColdFusion vulnerability, CVE-2023-26360, initially patched in March 2023. Recent …
GAO: Federal Agencies Yet to Fully Implement Incident Response Capabilities
The Government Accountability Office (GAO) reported that among 23 federal agencies, only three have fully implemented event logging requirements for incident investigation and remediation. As of …
Apple Patches WebKit Flaws Exploited on Older iPhones
Apple released security updates for macOS and iOS, addressing critical vulnerabilities in the WebKit browsing engine that have been exploited in attacks against older mobile devices. These flaws could …
Simple Attack Allowed Extraction of ChatGPT Training Data
Researchers from Google and various universities discovered a method to extract training data from ChatGPT, involving a simple prompt asking the AI to repeat a word indefinitely. This "silly" method …