A recent study by ISACA shows that almost two-thirds of cybersecurity professionals report increasing job stress. The 2024 State of Cybersecurity Survey report indicates a decline in job openings. It also reveals that 64% of cybersecurity professionals in Australia find their roles more stressful than five years ago, and 57% …
Read More »ISACA reveals
ALERT
Over 700,000 Routers Vulnerable to Hack for 14 security flaws
Over 14 new security flaws have been found in DrayTek routers for homes and businesses, which could allow attackers to take control of affected devices. According to Forescout Vedere Labs,”These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the …
Read More »
Bitdefender blog post
Medusa target Fortinet flaw (CVE-2023-48788) for Ransomware Attacks
A recent Bitdefender report reveals that Medusa is still actively attacking and has created a notable presence on both the dark web and surface web, making it a ransomware group to monitor. Medusa stands out from other ransomware groups by maintaining a name-and-shame blog on the surface web, where it …
Read More »CISA unveils 25 new advisories for Industrial Control Systems
CISA issued 25 ICS advisories on September 12, 2024, detailing current security issues, vulnerabilities, and exploits in Industrial Control Systems. ICSA-24-256-01 Siemens SINEMA Remote Connect Server ICSA-24-256-02 Siemens SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D ICSA-24-256-03 Siemens User Management Component (UMC) ICSA-24-256-04 Siemens SINUMERIK Systems ICSA-24-256-05 Siemens Mendix Runtime ICSA-24-256-06 …
Read More »TD Bank fined $28 million for sharing customer data
Because of disclosing incorrect and negative data, The Consumer Financial Protection Bureau (CFPB) on Wednesday fined TD Bank, one of North American leading financial institutions $28 million to consumer reporting agencies. According to the agency, The inaccurate data included “systemic errors about credit card delinquencies and bankruptcies,”. Nearly $8 million …
Read More »Zyxel Issues Hotfix for EOL NAS product
Zyxel issued hotfixes for a severe command injection vulnerability traced as CVE-2024-6342, affecting its NAS326 and NAS542 network-attached storage (NAS) devices. The flaw reported by security researchers Nanyu Zhong and Jinwei Dong from VARAS@IIE, poses significant risks for it allows bad actor to execute arbitrary operating system commands. Its concerning …
Read More »Cisco released security updates for two critical security flaws
CISCO released security updates for two critical security flaws impacting its smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges. A brief description of the two vulnerabilities is below – CVE-2024-20439 (CVSS score: 9.8): The presence of an undisclosed static user credential that an attacker could …
Read More »Monday hits two UK bank apps causes outages
Lloyds Bank and Virgin Money’s internet banking services were down on Monday, causing trouble for users to access and view their transactions. Lloyds Bank customers in the UK had problems accessing their online banking on Monday. The issues started at 10 a.m., and users complained about not being able to …
Read More »Mirai Botnet Exploits Zero-Day Vulnerability CVE-2024-7029
Akamai’s Security Intelligence Response Team (SIRT) found a large Mirai botnet campaign that is using a new zero-day vulnerability (CVE-2024-7029) in AVTECH IP cameras. The vulnerability, which allows for remote code execution, has been leveraged to propagate a Mirai variant dubbed “Corona,” raising significant concerns about critical infrastructure security. CVE-2024-7029 …
Read More »NSA Unveils Best Practices for Event Log & Threat Detection – 2024
NSA has released Best Practices for Event Logging and Threat Detection to make sure important systems keep working. These practices apply to cloud services, enterprise networks, mobile devices, and operational technology networks. The Cybersecurity Information Sheet (CSI) was created with international co-authors, including the Australian Signals Directorate’s Australian Cyber Security …
Read More »