Fortinet has released patches to address a critical vulnerability in its FortiNAC network access control solution. The vulnerability, tracked as CVE-2023-33299, is a deserialization of untrusted data issue that could allow an unauthenticated attacker to execute unauthorized code or commands on affected devices. The vulnerability impacts FortiNAC versions up to …
Google Chrome patched 4 high vulnerabilities
Google has released a security update for Chrome that patches four high-severity vulnerabilities. The update is available for Mac, Linux, and Windows, and it will be rolled out over the next few days/weeks. The vulnerabilities were discovered by three outside researchers, and they could have been exploited by attackers to …
CISA orders to patch iPhone bugs abused in spyware attacks
Today, CISA ordered federal agencies to patch recently patched security vulnerabilities exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits. The warning comes after Kaspersky published a report detailing a Triangulation malware component used in a campaign it tracks as “Operation Triangulation.” Kaspersky says it found …
Critical vulnerability in Fortinet FortiNAC allows attackers to take control of systems
Cybersecurity solutions company Fortinet has updated its zero-trust access solution FortiNAC to address a critical-severity vulnerability that attackers could leverage to execute code and commands. FortiNAC allows organizations to manage network-wide access policies, gain visibility of devices and users, and secure the network against unauthorized access and threats. …
Alert: Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack
Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday report. The supply chain vulnerability, also known as dependency repository …
Critical bugs in Asus routers, warns urgent patches
ASUS has released new firmware for several router models to address security vulnerabilities, including critical ones like CVE-2022-26376 and CVE-2018-1160, which can lead to denial-of-service attacks and code execution. The seven other flaws are as follows – CVE-2022-35401 (CVSS score: 8.1) – An authentication bypass vulnerability that could permit an attacker to send malicious HTTP requests …
Mandiant Warns of VMware ESXi Zero-Day exploiting
Mandiant, a prominent cybersecurity firm now part of Google Cloud, has uncovered the activities of UNC3886, a Chinese cyberespionage group that has been actively exploiting a zero-day vulnerability in VMware ESXi. This vulnerability allows the group to escalate privileges on guest virtual machines, gaining unauthorized access and control. The initial …
Hackers Attacked German Branch of Russian Oil Giant Rosneft
Rosneft is a Russian-based Oil refinery that specializes in exploration, extraction, production, refining, transport, and sale of petroleum, natural gas, and petroleum products. The German branch of Rosneft faced a cyberattack. The Legion group “Anonymous” published a statement that they were responsible for the attack and denoted that they have extracted over …
ChatGPT Account Take Over Vulnerability Let Hackers Gain User’s Online Account
A renowned security analyst and bug hunter, Nagli (@naglinagli), recently uncovered a critical security vulnerability in ChatGPT. With just a single click, a threat actor could easily exploit the vulnerability and gain complete control of any ChatGPT user’s account. As a result, opening the doors to sensitive data let attackers …