Read Time:6 Second
This high-severity flaw, dubbed FortiJump by security researcher Kevin Beaumont, has been added to CISA’s KEV catalog
UK Government Introduces New Data Governance Legislation
Read Time:8 Second
The Data (Use and Access) Bill governs digital verification services and the use of personal data in public services, and will revamp the Information Commissioner’s Office
Cybersecurity Teams Largely Ignored in AI Policy Development
Read Time:6 Second
A new ISACA study has revealed that cybersecurity professionals are often overlooked in the development of AI policies
UK Government Urges Organizations to Get Cyber Essentials Certified
Read Time:7 Second
On the 10th anniversary since Cyber Essentials was introduced, the UK government has highlighted the impact the scheme has had in preventing attacks
ZDI-24-1422: Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-8025.
Smashing Security podcast #390: When security firms get hacked, and your new North Korean remote worker
Read Time:20 Second
The SolarWinds have returned to haunt four cybersecurity companies who tried to hide their breaches and ended up with their trousers around their ankles, and North Korea succeeds in getting one of its IT workers hired… but what’s their plan?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
A Vulnerability in Fortinet FortiManager Could Allow for Remote Code Execution
Read Time:30 Second
A vulnerability has been discovered in Fortinet FortiManager which could allow for remote code execution. FortiManager is a network and security management tool that provides centralized management of Fortinet devices from a single console. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Are Automatic License Plate Scanners Constitutional?
Read Time:38 Second
An advocacy groups is filing a Fourth Amendment challenge against automatic license plate readers.
“The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked, photographed, and stored in an AI-assisted database that enables the warrantless surveillance of their every move. This civil rights lawsuit seeks to end this dragnet surveillance program,” the lawsuit notes. “In Norfolk, no one can escape the government’s 172 unblinking eyes,” it continues, referring to the 172 Flock cameras currently operational in Norfolk. The Fourth Amendment protects against unreasonable searches and seizures and has been ruled in many cases to protect against warrantless government surveillance, and the lawsuit specifically says Norfolk’s installation violates that.”
New Malware WarmCookie Targets Users with Malicious Links
Read Time:4 Second
WarmCookie malware, aka BadSpace, spreads via malspam, malvertising and enables persistent access
Embargo Ransomware Gang Deploys Customized Defense Evasion Tools
Read Time:6 Second
The recently discovered Embargo ransomware group is using Rust-based custom tools to overcome victims’ security defenses, ESET researchers have observed