warns

  • Blog

    More women are opting for computing degrees, but BCS warns there’s still a long way to go

    Efforts to encourage women into computing appear to be paying off, with the gap between men and women choosing computing degrees the smallest it’s ever been. Analysis of data from university clearing service UCAS by BCS, The Chartered Institute for IT, has found that a record 6,310 UK women started a computing degree at UK universities in 2024, compared with…

  • Blog

    Windows warns Phone Link won’t show ‘sensitive’ Android 15 notifications

    Microsoft’s Phone Link app is warning that Android smartphones using the latest version of Android 15 won’t display certain “sensitive” notifications, according to a post from Mishaal Rahman spotted by Windows Central. The warning is the result of an Android 15 privacy feature that automatically categorizes notifications like those containing 2FA codes as “sensitive” and prevents third-party apps from seeing…

  • Blog

    CISA warns water facilities to secure HMI systems exposed online

    CISA and the Environmental Protection Agency (EPA) warned water facilities today to secure Internet-exposed Human Machine Interfaces (HMIs) from cyberattacks. HMIs are dashboards or user interfaces that help human operators connect to, monitor, and control industrial machines and devices via tablets, portable computers, or built-in displays. “In the absence of cybersecurity controls, threat actors can exploit exposed HMIs at WWS…

  • Blog

    FTC warns of online task job scams hooking victims like gambling

    The Federal Trade Commission (FTC) warns about a significant rise in gambling-like online job scams, known as “task scams,” that draw people into earning cash through repetitive tasks, with the promises of earning more if they deposit their own money. Although this type of scam was nearly non-existent in 2020, with the FTC receiving zero reports, the agency documented 5,000…

  • Blog

    Ivanti warns of maximum severity CSA auth bypass vulnerability

    Today, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. The security flaw (tracked as CVE-2024-11639 and reported by CrowdStrike’s Advanced Research Team) enables remote attackers to gain administrative privileges on vulnerable appliances running Ivanti CSA 5.0.2 or earlier without requiring authentication or user interaction by circumventing authentication using an alternate path…

  • Blog

    UK Cyber Risks Are ‘Widely Underestimated,’ Warns Security Chief

    In his first speech on Tuesday, the new head of the U.K.’s National Cyber Security Centre warned that the country’s cyber risks are “widely underestimated.” Richard Horne, who took the position in October, says that hostile activity has “increased in frequency, sophistication and intensity,” largely from foreign actors in Russia and China. He highlighted the ransomware attacks on the British…

  • Blog

    Japan warns of IO-Data zero-day router flaws exploited in attacks

    Japan’s CERT is warning that hackers are exploiting zero-day vulnerabilities in I-O Data router devices to modify device settings, execute commands, or even turn off the firewall. The vendor has acknowledged the flaws in a security bulletin published on its website. However, the fixes are expected to land on December 18, 2024, so users will be exposed to risks until…

  • Blog

    Oracle warns of Agile PLM file disclosure flaw exploited in attacks

    Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. Oracle Agile PLM is a software platform that enables businesses to manage product data, processes, and collaboration across global teams. Yesterday, Oracle urged Agile PLM customers to install the latest version to fix the…

  • Blog

    Palo Alto Networks warns of critical RCE zero-day exploited in attacks

    Palo Alto Networks is warning that a critical zero-day vulnerability on Next-Generation Firewalls (NGFW) management interfaces, currently tracked as ‘PAN-SA-2024-0015,’ is actively being exploited in attacks. The flaw was originally disclosed on November 8, 2024, with Palo Alto Networks warning customers to restrict access to their next-generation firewalls because of a “potential” remote code execution (RCE) vulnerability impacting them. No signs…

  • Blog

    CISA warns of more Palo Alto Networks bugs exploited in attacks

    CISA warned today that two more critical security vulnerabilities in Palo Alto Networks’ Expedition migration tool are now actively exploited in the wild. Attackers can use the two unauthenticated command injection (CVE-2024-9463) and SQL injection (CVE-2024-9465) vulnerabilities to hack into unpatched systems running the company’s Expedition migration tool, which helps migrate configurations from Checkpoint, Cisco, and other supported vendors. While…
