CISA Alerts: Flaws in Fortinet, Ivanti, & Nice Products Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently expanded its Known Exploited Vulnerabilities (KEV) list, highlighting three critical security flaws. This update comes with a warning, as evidence suggests these vulnerabilities are actively being exploited. The following are…
0 Comments4 Minutes
Apple M-Series Chips’ New “GoFetch” Vulnerability Exposes Secret Encryption Keys
The vulnerability, dubbed GoFetch, is related to a microarchitectural side-channel attack that targets constant-time cryptographic implementations and retrieves sensitive data from the CPU cache by utilizing a feature called data memory-dependent prefetcher (DMP). The results were communicated to…
0 Comments7 Minutes
Cybersecurity guide for small businesses in Canada.
As the digital landscape evolves, so too do the cybersecurity threats that target our information systems. For businesses, especially in the tech-centric world we now inhabit, staying ahead of these threats is not just advisable—it’s imperative. This article will delve into the latest trends…
1 Comment20 Minutes
DNS over HTTPS Gives Users a “False Sense of Security”
Businesses that use encrypted DNS over HTTPS services run the risk of creating a false feeling of security and possibly even breaking their own DNS-monitoring systems, according to a warning from the US National Security Agency (NSA). DNS over HTTPS (DoH), which shields DNS traffic between a client…
0 Comments3 Minutes
AI-Powered code scanning autofix Debuts on GitHub
On Wednesday, GitHub made the announcement that it will be making a feature on a code scanning autofix accessible in public beta for all Advanced Security clients. The purpose of this function is to make individualised recommendations in an effort to prevent the introduction of new…
0 Comments5 Minutes
Loop DoS attack has effect on thousands of different systems.
There is a new denial-of-service (Loop DoS attack) vector that has been discovered. This attack vector targets application-layer protocols that are based on User Datagram Protocol (UDP), which puts hundreds of thousands of hosts at risk. Loop denial of service attacks are a method that involves…
0 Comments5 Minutes
Alert: Ravaging AcidPour Malware Strikes Linux x86 Devices
It has been discovered that a new variation of a data-erasing malware, known as AcidPour Malware, has been discovered in the wild. This particular variant is meant to particularly target Linux x86 machines. In a series of posts on X, Juan Andres Guerrero-Saade of SentinelOne stated that the…
0 Comments3 Minutes
ChatGPT Plugins from Third Parties May Cause Account Takeovers
According to cybersecurity researchers, threat actors attempting to obtain unauthorized access to sensitive data may use third-party plugins for OpenAI ChatGPT as a new avenue of attack. New study from Salt Labs suggests that security holes in ChatGPT and its ecosystem could let attackers install…
0 Comments7 Minutes
Fortinet Identifies Severe SQL Injection Vulnerability in FortiClientEMS Software
Fortinet recently issued a warning highlighting a critical vulnerability in its FortiClientEMS software. This vulnerability poses a significant risk, potentially enabling malicious actors to execute code on affected systems, which could lead to data breaches, system downtime, and other severe…
0 Comments4 Minutes
Cybercriminals Using GitHub and AWS to deploy STRRAT Trojans and VCURMS
A Java-based downloader is being maliciously employed in a recent phishing campaign aimed at distributing remote access trojans (RATs) such as VCURMS and STRRAT. Yurren Wan, a researcher at Fortinet FortiGuard Labs, stated that “the attackers stored malware on public services like Amazon Web…
0 Comments4 Minutes