CISA orders federal agencies to secure Microsoft 365 tenants
CISA has issued this year’s first binding operational directive (BOD 25-01), ordering federal civilian agencies to secure their cloud environments by implementing a list of…
Author: Cybernoz
Critical RCE Vulnerability in Apache Struts Actively Exploited using Public PoC
A critical security vulnerability has been identified in Apache Struts, a popular open-source framework for building Java-based web applications actively used in attacks leveraging publish…
Petbarn uses AI tool to answer questions, recommend products – Marketing
Pet care retailer Petbarn is offering a generative AI tool to “pet parents” that can dispense “vet-approved advice” when its stores and vet clinics are…
Hackers Leak Partial Cisco Data from 4.5TB of Exposed Records
SUMMARY: Partial Data Leak: Hackers leaked 2.9GB of Cisco’s data on Breach Forums on December 16, 2024. Exposed Records: The leaked data is part of…
Gov asked to create universal coverage map for telco services in Australia – Telco/ISP
The government has been asked to compile and maintain an independent map of mobile and broadband service availability and providers, accurate to a “specific location”…
Innovator Spotlight: Fortra – Cyber Defense Magazine
by Dan K. Anderson CEO, CISO, and vCISO As cyber threats grow more sophisticated and frequent, organizations face immense pressure to simplify their security stacks…
New critical Apache Struts flaw exploited to find vulnerable servers
A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. Apache Struts is…
FBI Warns Of HiatusRAT Attacking Web Cameras And DVRs To Gain Full Access
The Federal Bureau of Investigation (FBI) has issued a Private Industry Notification (PIN) alerting cybersecurity professionals and system administrators about a new threat targeting web…
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
Dec 17, 2024Ravie LakshmananMalware / Credential Theft A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a…
Azure Data Factory And Apache Airflow Integration Flaws Let Attackers Gain Write Access
Researchers uncovered new security vulnerabilities in the Azure Data Factory Apache Airflow integration dubbed “Dirty DAG”, which allow attackers to get unauthorized write permissions to…
Conservative MP adds to calls for public inquiry over PSNI police spying
A court ruling that the Metropolitan Police and the Police Service of Northern Ireland unlawfully placed journalists under surveillance has led to renewed calls for…
Might need a mass password reset one day? Read this first.
A common adage among cybersecurity professionals is that when it comes to cyber-attacks, it’s not a matter of if but when. Despite this certainty, organizations are often caught…