International

Cisco AsyncOS Software, used by Cisco Secure Email and Web Manager, Cisco Secure Email Gateway (previously Cisco Email Security Appliance; ESA), and Cisco Secure Web Appliance (WSA), has multiple flaws in its web-based management interface. The vulnerabilities could allow a remote attacker to launch cross-site scripting (XSS) attack against a …

Petro-Canada gas stations, following a cyberattack on parent company Suncor: Suncor is a Canada-based energy company that owns a network of more than 1,800 Petro-Canada retail and wholesale locations. On June 25, Suncor said it had experienced a cybersecurity incident that may impact some transactions with suppliers and customers. The …

Fortinet has released patches to address a critical vulnerability in its FortiNAC network access control solution. The vulnerability, tracked as CVE-2023-33299, is a deserialization of untrusted data issue that could allow an unauthenticated attacker to execute unauthorized code or commands on affected devices. The vulnerability impacts FortiNAC versions up to …

Google has released a security update for Chrome that patches four high-severity vulnerabilities. The update is available for Mac, Linux, and Windows, and it will be rolled out over the next few days/weeks. The vulnerabilities were discovered by three outside researchers, and they could have been exploited by attackers to …

American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed on Friday that their data had been breached. The breach was caused by a hack of Pilot Credentials, a third-party vendor that manages pilot applications and recruitment portals for multiple airlines. The breach affected 5745 pilots …

Joseph James O’Connor, a 24-year-old British citizen, was sentenced to five years in prison in the United States for his role in the July 2020 Twitter hack. O’Connor, who went by the online alias “PlugwalkJoe,” pleaded guilty to criminal schemes that included unauthorized access to Twitter’s backend tools, SIM swapping …

Today, CISA ordered federal agencies to patch recently patched security vulnerabilities exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits. The warning comes after Kaspersky published a report detailing a Triangulation malware component used in a campaign it tracks as “Operation Triangulation.” Kaspersky says it found …

Cybersecurity solutions company Fortinet has updated its zero-trust access solution FortiNAC to address a critical-severity vulnerability that attackers could leverage to execute code and commands. FortiNAC is a allows organizations to manage network-wide access policies, gain visibility of devices and users, and secure the network against unauthorized access and threats. …

Facebook and Instagram users in Canada cannot share news on these two platforms. Meta, the company that owns the two social media, said that the Canadian government is going to stop the news feature due to the new law. In addition to Facebook and Instagram, the new law will also …

Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday report. The supply chain vulnerability, also known as dependency repository …