Researchers say that nearly 336,000 devices exposed to the Internet remain vulnerable to a critical vulnerability in firewalls sold by Fortinet because admins have yet to install patches the company released three weeks ago. CVE-2023-27997 is a remote code execution in Fortigate VPNs, which are included in the company's firewalls. The vulnerability, which stems from a heap overflow bug, has a severity rating of 9.8 out of 10. READ MORE...
Staff at Dublin Airport have been warned that their personal data has fallen into the hands of hackers, following a data breach at a third-party service provider. Some 2000 employees of DAA, the operator of Dublin airport, have had their pay and benefit details stolen after cybercriminals exploited a vulnerability in the MOVEit - a file-transfer tool used by many businesses to transfer files. READ MORE...
The Port of Nagoya, the largest and busiest port in Japan, has been targeted in a ransomware attack that currently impacts the operation of container terminals. The port accounts for roughly 10% of Japan's total trade volume. It operates 21 piers and 290 berths. It handles over two million containers and cargo tonnage of 165 million every year. The port is also used by the Toyota Motor Corporation, one of the world's largest automakers, to export most of its cars. READ MORE...
The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student assaults, psychiatric hospitalizations, abusive parents, truancy. "Please do something," begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep. READ MORE...
A hacking crew with a history of blending politics and criminal activities claimed on Saturday to have "targeted various satellite receivers and industrial control systems around the country, particularly in states banning gender affirming care." SiegedSec claimed that part of its most recent attack included "a delicious supply chain attack," which allowed the group to "control" multiple companies' "accounts used for monitoring satellite receivers, VSATs, VOIP services, etc." READ MORE...
Infosec outfit Checkpoint says it's spotted a Chinese actor targeting diplomatic facilities around Europe. Checkpoint has dubbed the campaign "SmugX" thanks to its use of HTML smuggling to deploy the PlugX remote access trojan. HTML smuggling is a method of attack that places malicious artefacts in a web page, so that they download when a human visits the site. It can be an effective attack because defenses don't focus on finding threats in traffic to browsers. READ MORE...
Mozilla on Tuesday announced the release of Firefox 115 to the stable channel with patches for a dozen vulnerabilities, including two high-severity use-after-free bugs. Tracked as CVE-2023-37201, the first of the high-severity issues is described as a use-after-free flaw in WebRTC certificate generation. An open source project, WebRTC enables real-time communication in web browsers and mobile applications, via application programming interfaces (APIs). READ MORE...
If you run a WordPress site with the Ultimate Members plugin installed, make sure you've updated it to the latest version. Over the weekend, the plugin's creator published version 2.6.7, which is supposed to patch a serious security hole, described by user @softwaregeek on the WordPress support site as follows: A critical vulnerability in the plugin (CVE-2023-3460) allows an unauthenticated attacker to register as an administrator and take full control of the website. READ MORE...
Even if you haven't heard of the venerable Ghostscript project, you may very well have used it without knowing. Alternatively, you may have it baked into a cloud service that you offer, or have it preinstalled and ready to go if you use a package-based software service such as a BSD or Linux distro, Homebrew on a Mac, or Chocolatey on Windows. Ghostscript is a free and open-source implementation of Adobe's widely-used PostScript document composition system and its PDF file format. READ MORE...