January, 2024 - Security Ticks

Critical Account Takeover Vulnerability Impacting GitLab

Account Takeover, GitLab, vulnerability / SecurityTicks

Critical Account Takeover Vulnerability Impacting GitLab 2024-01-16 at 17:32 By cybleinc Critical Account Takeover Vulnerability Impacting GitLab On January 11, 2024, Security fixes for GitLab Community Edition (CE) and Enterprise Edition (EE) were released. The vulnerability identified as CVE-2023-7028 falls under the critical severity category and impacts multiple GitLab CE/EE versions. Exploiting this vulnerability could […]

React to this headline:

Critical Account Takeover Vulnerability Impacting GitLab Read More »

1,700 Ivanti VPN devices compromised. Are yours among them?

0-day, APT, Don't miss, enterprise, Hot stuff, Ivanti, Mandiant, News, SMBs, threat hunting, Volexity, VPN, web shell / SecurityTicks

1,700 Ivanti VPN devices compromised. Are yours among them? 2024-01-16 at 17:16 By Zeljka Zorz Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit

React to this headline:

1,700 Ivanti VPN devices compromised. Are yours among them? Read More »

Ivanti zero-day exploits explode as bevy of attackers get in on the act

Uncategorized / SecurityTicks

Ivanti zero-day exploits explode as bevy of attackers get in on the act 2024-01-16 at 17:03 By Connor Jones Customers still patchless and mitigation only goes so far There’s a “reasonable chance” that Ivanti Connect Secure (ICS) VPN users are already compromised if they didn’t apply the vulnerability mitigation released last week, experts say.… This

React to this headline:

Ivanti zero-day exploits explode as bevy of attackers get in on the act Read More »

Skopenow Grid detects the earliest signals of critical risks

Industry news, Skopenow / SecurityTicks

Skopenow Grid detects the earliest signals of critical risks 2024-01-16 at 17:02 By Industry News Skopenow launched Grid, its new 360-degree situational awareness solution. Grid equips security, intelligence, and investigative teams worldwide with enhanced proactive threat intelligence capabilities, enabling real-time detection of risks to people, assets, and operations. In a global landscape marked by uncertainty,

React to this headline:

Skopenow Grid detects the earliest signals of critical risks Read More »

Tesla owners in deep freeze discover the cold, hard truth about EVs

Uncategorized / SecurityTicks

Tesla owners in deep freeze discover the cold, hard truth about EVs 2024-01-16 at 16:32 By Richard Currie Not all batteries like subzero temperatures This week’s frigid winter conditions in North America exposed the shortcomings of certain electric vehicles, particularly Teslas.… This article is an excerpt from The Register View Original Source React to this

React to this headline:

Tesla owners in deep freeze discover the cold, hard truth about EVs Read More »

Cyber incidents ranked most important risk globally

Uncategorized / SecurityTicks

Cyber incidents ranked most important risk globally 2024-01-16 at 16:31 By According to the Allianz Risk Barometer, cyber incidents (ransomware, data breaches and IT disruptions) are the top global concern of 2024. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

Cyber incidents ranked most important risk globally Read More »

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits – Act Now

Uncategorized / SecurityTicks

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits – Act Now 2024-01-16 at 16:31 By Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). “The two issues are

React to this headline:

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits – Act Now Read More »

Case Study: The Cookie Privacy Monster in Big Global Retail

Uncategorized / SecurityTicks

Case Study: The Cookie Privacy Monster in Big Global Retail 2024-01-16 at 16:31 By Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy. This wasn’t anything malicious, but with modern web environments being so complex,

React to this headline:

Case Study: The Cookie Privacy Monster in Big Global Retail Read More »

Europe benched in high tech ‘Champions League’ says ASML

Uncategorized / SecurityTicks

Europe benched in high tech ‘Champions League’ says ASML 2024-01-16 at 16:17 By Dan Robinson Calls for stronger team play in the global economic tournament The EU needs to get serious and act more decisively and collectively if it wants economic security, especially in advanced technology, as it is trailing global rivals such as Japan,

React to this headline:

Europe benched in high tech ‘Champions League’ says ASML Read More »

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

Microsoft, Network Security, Pixiefail, Quarkslab, Supply Chain Security, Tianocore, UEFI, Vulnerabilities / SecurityTicks

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation 2024-01-16 at 16:16 By Ryan Naraine Quarkslab finds serious, remotely exploitable vulnerabilities in EDK II, the de-facto open source reference implementation of the UEFI spec. The post Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation appeared first on SecurityWeek. This article

React to this headline:

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation Read More »

Remote Code Execution Vulnerability Found in Opera File Sharing Feature

Opera, Vulnerabilities, vulnerability / SecurityTicks

Remote Code Execution Vulnerability Found in Opera File Sharing Feature 2024-01-16 at 16:16 By Ionut Arghire A vulnerability in Opera browser’s file sharing feature My Flow could be exploited for remote code execution. The post Remote Code Execution Vulnerability Found in Opera File Sharing Feature appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Remote Code Execution Vulnerability Found in Opera File Sharing Feature Read More »

180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE

SonicWall, Vulnerabilities / SecurityTicks

180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE 2024-01-16 at 16:16 By Ionut Arghire Two DoS vulnerabilities patched in 2022 and 2023 haunt nearly 180,000 internet-exposed SonicWall firewalls. The post 180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

180k Internet-Exposed SonicWall Firewalls Vulnerable to DoS Attacks, Possibly RCE Read More »

VMware Urges Customers to Patch Critical Aria Automation Vulnerability

VMWare, Vulnerabilities, vulnerability / SecurityTicks

VMware Urges Customers to Patch Critical Aria Automation Vulnerability 2024-01-16 at 16:16 By Eduard Kovacs Aria Automation is affected by a critical vulnerability that could be exploited to gain access to remote organizations and workflows. The post VMware Urges Customers to Patch Critical Aria Automation Vulnerability appeared first on SecurityWeek. This article is an excerpt

React to this headline:

VMware Urges Customers to Patch Critical Aria Automation Vulnerability Read More »

Vodafone signs a 10-year, $1.5B deal with Microsoft that sheds European DCs

Uncategorized / SecurityTicks

Vodafone signs a 10-year, $1.5B deal with Microsoft that sheds European DCs 2024-01-16 at 15:32 By Richard Speed AI for customers and staff, while Euro bitbarns shifted to Azure Microsoft and Vodafone have inked a 10-year deal worth $1.5 billion, resulting in the telecommunication giant shuttering physical datacenters across Europe in favor of virtual ones

React to this headline:

Vodafone signs a 10-year, $1.5B deal with Microsoft that sheds European DCs Read More »

Remcos RAT Spreading Through Adult Games in New Attack Wave

Uncategorized / SecurityTicks

Remcos RAT Spreading Through Adult Games in New Attack Wave 2024-01-16 at 15:32 By The remote access trojan (RAT) known as Remcos RAT has been found being propagated via webhards by disguising it as adult-themed games in South Korea. WebHard, short for web hard drive, is a popular online file storage system used to upload, download,

React to this headline:

Remcos RAT Spreading Through Adult Games in New Attack Wave Read More »

3 Ways to Navigate the Challenges of Australian IRAP Assessments

Uncategorized / SecurityTicks

3 Ways to Navigate the Challenges of Australian IRAP Assessments 2024-01-16 at 15:02 By Micaiah Koh Compliance is a cornerstone for organisations, especially in countries such as the United States. This article is an excerpt from Trustwave Blog View Original Source React to this headline:

React to this headline:

3 Ways to Navigate the Challenges of Australian IRAP Assessments Read More »

Types of Social Engineering Attacks used to Gain Internal Network Access

Uncategorized / SecurityTicks

Types of Social Engineering Attacks used to Gain Internal Network Access 2024-01-16 at 15:02 By Zak Willsallen Social engineering is a technique commonly used by adversaries to manipulate individuals or groups of people into divulging confidential information, performing certain actions, or giving up access to valuable resources. These attacks can take many forms and are

React to this headline:

Types of Social Engineering Attacks used to Gain Internal Network Access Read More »

Hacker Conversations: HD Moore and the Line Between Black and White

Featured, Hacker Conversations, HD Moore, Metasploit / SecurityTicks

Hacker Conversations: HD Moore and the Line Between Black and White 2024-01-16 at 14:47 By Kevin Townsend SecurityWeek talked to HD Moore, best known as the founder and original developer of Metasploit. The post Hacker Conversations: HD Moore and the Line Between Black and White appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Hacker Conversations: HD Moore and the Line Between Black and White Read More »

Asahi Linux team issues promising update on efforts to conquer Apple Silicon

Uncategorized / SecurityTicks

Asahi Linux team issues promising update on efforts to conquer Apple Silicon 2024-01-16 at 14:32 By Richard Speed Good progress for penguinistas keen on Macs The Asahi Linux team has followed up the release of Fedora Asahi Remix with a post detailing the progress of the project to bring Linux to Apple silicon.… This article

React to this headline:

Asahi Linux team issues promising update on efforts to conquer Apple Silicon Read More »

UK public sector could save £20B by swerving mega-projects and more, claims chief auditor

Uncategorized / SecurityTicks

UK public sector could save £20B by swerving mega-projects and more, claims chief auditor 2024-01-16 at 14:05 By Lindsay Clark Spending watchdog slams reliance on outdated systems and poor governance The UK’s chief auditor has claimed the government could save at least £20 billion by modernizing IT systems and other measures.… This article is an

React to this headline:

UK public sector could save £20B by swerving mega-projects and more, claims chief auditor Read More »

January 2024