Multiple vulnerabilities have been discovered in MOVEit products, which could allow for authentication bypass. Successful exploitation of these vulnerabilities could allow for an attacker to bypass authentication. An attacker could then view, change, or delete data.
The Cybersecurity and Infrastructure Security Agency, in collaboration with US and international partners, released this Joint Report that urges organizations to move toward more robust security solutions, such as Secure Service Edge and Secure Access Service Edge.
As more Internet of Things (IoT) devices become prominent in our daily lives, concerns about their security shortcomings increase. These devices—such as smart appliances, and internet-connected security cameras—add a layer of convenience to many technologies we use regularly.
Organizations are vulnerable to cyberattacks as users connect to more technologies, systems, and networks. Employees are the first line of defense against cyberattacks, making them prime targets for threat actors attempting to exploit human weaknesses.
Credentials provide a way to authenticate users and control access to online accounts, email systems, network resources, and more. Threat actors attempt to harvest or steal these credentials primarily through phishing and other methods. Read for more info.
The Cybersecurity and Infrastructure Security Agency released Joint Cybersecurity Information that provides best practices to secure the deployment environment, validate and protect the artificial intelligence (AI) system, and secure AI operation and maintenance.
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
An XZ Utils vulnerability allowed the embedding of malicious code in the libraries for XZ Utils versions 5.6.0 and 5.6.1. XZ Utils is data compression software that is present in several Linux distributions. The resulting build interferes with authentication in sshd via systemd.
Third-party vendors used by businesses and organizations continue to be targets of threat actors to conduct cyberattacks. These providers may serve as an entry point for threat actors to target multiple organizations with social engineering campaigns.
October marks the 20th annual Cybersecurity Awareness Month (CAM), which raises awareness of the importance of cybersecurity in America, ensuring everyone is prepared with the tools and resources they need to be safe and secure online.
