Tag: Exploitation
-
Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2025/01/13/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability CVE-2024-48365 Qlik Sense HTTP Tunneling Vulnerability These types of vulnerabilities…
-
The Register: Miscreants ‘mass exploited’ Fortinet firewalls, ‘highly probable’ zero-day used
Source URL: https://www.theregister.com/2025/01/14/miscreants_mass_exploited_fortinet_firewalls/ Source: The Register Title: Miscreants ‘mass exploited’ Fortinet firewalls, ‘highly probable’ zero-day used Feedly Summary: Ransomware ‘not off the table,’ Arctic Wolf threat hunter tells El Reg Miscreants running a “mass exploitation campaign" against Fortinet firewalls, which peaked in December, may be using an unpatched zero-day vulnerability to compromise the equipment, according…
-
The Register: Microsoft sues ‘foreign-based’ criminals, seizes sites used to abuse AI
Source URL: https://www.theregister.com/2025/01/13/microsoft_sues_foreignbased_crims_seizes/ Source: The Register Title: Microsoft sues ‘foreign-based’ criminals, seizes sites used to abuse AI Feedly Summary: Crooks stole API keys, then started a hacking-as-a-service biz Microsoft has sued a group of unnamed cybercriminals who developed tools to bypass safety guardrails in its generative AI tools. The tools were used to create harmful…
-
Alerts: CISA and US and International Partners Publish Guidance on Priority Considerations in Product Selection for OT Owners and Operators
Source URL: https://www.cisa.gov/news-events/alerts/2025/01/13/cisa-and-us-and-international-partners-publish-guidance-priority-considerations-product-selection-ot Source: Alerts Title: CISA and US and International Partners Publish Guidance on Priority Considerations in Product Selection for OT Owners and Operators Feedly Summary: Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure…
-
Schneier on Security: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
Source URL: https://www.schneier.com/blog/archives/2025/01/microsoft-takes-legal-action-against-ai-hacking-as-a-service-scheme.html Source: Schneier on Security Title: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme Feedly Summary: Not sure this will matter in the end, but it’s a positive move: Microsoft is accusing three individuals of running a “hacking-as-a-service” scheme that was designed to allow the creation of harmful and illicit…