warns
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Ivanti is warning that hackers exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances. The company says it became aware of the vulnerabilities after the Ivanti Integrity Checker Tool (ICT) detected malicious activity on customers’ appliances. Ivanti launched an investigation and confirmed that threat actors were actively exploiting CVE-2025-0282 as a zero-day.…
CISA warns of critical Oracle, Mitel flaws exploited in attacks
CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. The cybersecurity agency added a critical path traversal vulnerability (CVE-2024-41713) found in the NuPoint Unified Messaging (NPM) component of Mitel’s MiCollab unified communications platform to its Known Exploited Vulnerabilities Catalog. This security bug allows…
Apache warns of critical flaws in MINA, HugeGraph, Traffic Control
The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. The vulnerabilities were patched in new software versions released between December 23 and 25. However, the holiday period may lead to a slower patching rate and increased risk of exploitation. One of the bugs is tracked as CVE-2024-52046 and impacts MINA…
Adobe warns of critical ColdFusion bug with PoC exploit code
Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept (PoC) exploit code. In an advisory released on Monday, the company says the flaw (tracked as CVE-2024-53961) is caused by a path traversal weakness that impacts Adobe ColdFusion versions 2023 and 2021 and can enable attackers to read arbitrary files on vulnerable servers. “Adobe is aware that CVE-2024-53961…
Juniper warns of Mirai botnet scanning for Session Smart routers
Juniper Networks has warned customers of Mirai malware attacks scanning the Internet for Session Smart routers using default credentials. As the networking infrastructure company explained, the malware scans for devices with default login credentials and executes commands remotely after gaining access, enabling a wide range of malicious activities. The campaign was first observed on December 11, when the first infected…
More women are opting for computing degrees, but BCS warns there’s still a long way to go
Efforts to encourage women into computing appear to be paying off, with the gap between men and women choosing computing degrees the smallest it’s ever been. Analysis of data from university clearing service UCAS by BCS, The Chartered Institute for IT, has found that a record 6,310 UK women started a computing degree at UK universities in 2024, compared with…
Windows warns Phone Link won’t show ‘sensitive’ Android 15 notifications
Microsoft’s Phone Link app is warning that Android smartphones using the latest version of Android 15 won’t display certain “sensitive” notifications, according to a post from Mishaal Rahman spotted by Windows Central. The warning is the result of an Android 15 privacy feature that automatically categorizes notifications like those containing 2FA codes as “sensitive” and prevents third-party apps from seeing…
CISA warns water facilities to secure HMI systems exposed online
CISA and the Environmental Protection Agency (EPA) warned water facilities today to secure Internet-exposed Human Machine Interfaces (HMIs) from cyberattacks. HMIs are dashboards or user interfaces that help human operators connect to, monitor, and control industrial machines and devices via tablets, portable computers, or built-in displays. “In the absence of cybersecurity controls, threat actors can exploit exposed HMIs at WWS…
FTC warns of online task job scams hooking victims like gambling
The Federal Trade Commission (FTC) warns about a significant rise in gambling-like online job scams, known as “task scams,” that draw people into earning cash through repetitive tasks, with the promises of earning more if they deposit their own money. Although this type of scam was nearly non-existent in 2020, with the FTC receiving zero reports, the agency documented 5,000…
Ivanti warns of maximum severity CSA auth bypass vulnerability
Today, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. The security flaw (tracked as CVE-2024-11639 and reported by CrowdStrike’s Advanced Research Team) enables remote attackers to gain administrative privileges on vulnerable appliances running Ivanti CSA 5.0.2 or earlier without requiring authentication or user interaction by circumventing authentication using an alternate path…