Cisco Devices Hacked via IOS XE Zero-Day Vulnerability
Cisco is warning customers that a new zero-day vulnerability impacting the company’s IOS XE software is being exploited to hack devices. The critical vulnerability is…
Category: SecurityWeek
NSA Publishes ICS/OT Intrusion Detection Signatures and Analytics
The National Security Agency has published a repository of tools to help critical infrastructure entities hunt for malicious activity in ICS and other OT environments.…
US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability
US cybersecurity agency CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warn organizations of potential widespread exploitation of a recent zero-day…
WordPress Websites Hacked via Royal Elementor Plugin Zero-Day
Security researchers are warning of a critical-severity vulnerability in the Royal Elementor Addons and Templates WordPress plugin that has been exploited as a zero-day for…
Signal Pours Cold Water on Zero-Day Exploit Rumors
Privacy-focused messaging firm Signal is pouring cold water on widespread rumors of a zero-day exploit in its popular encrypted chat app. “We have seen the…
Academics Devise Cyber Intrusion Detection System for Unmanned Robots
Two Australian academic researchers have devised a new cyber intrusion detection system that relies on AI to help unmanned military robots identify man-in-the-middle (MitM) cyberattacks.…
Milesight Industrial Router Vulnerability Possibly Exploited in Attacks
A vulnerability affecting some industrial routers made by Chinese IoT and video surveillance product maker Milesight may have been exploited in attacks, according to exploit…
Microsoft Improving Windows Authentication, Disabling NTLM
Microsoft is pushing for more secure Windows authentication with new features for Kerberos that would eventually eliminate the use of the NTLM protocol. A challenge-response…
Equifax Gets $13.5 Million Fine Over 2017 Data Breach
The British watchdog Financial Conduct Authority (FCA) on Friday announced that it has fined Equifax Ltd, the UK arm of credit reporting firm Equifax Inc,…
EPA Withdraws Water Sector Cybersecurity Rules Due to Lawsuits
The US Environmental Protection Agency (EPA) has withdrawn cybersecurity rules for public water systems due to lawsuits filed by states and non-profit water associations. The…
Spyware Caught Masquerading as Israeli Rocket Alert Applications
In the wake of the Israel-Gaza conflict, threat actors have been observed targeting Israeli rocket alerting applications to spread fear and mobile spyware, Cloudflare reports.…
CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware
The US cybersecurity agency CISA is stepping up its efforts to prevent ransomware by making it easier for organizations to learn about vulnerabilities and misconfigurations…