Skip to main content

Security Bulletin

<p>23andMe said users who &#8220;negligently recycled&#8221; their passwords are to blame for the data leak that affected 6.9 million 23andMe customers in October. (Eric Baradat/AFP via Getty Images)</p>
4 Jan 2024
Biztonsági szemle

23andMe says users’ bad password hygiene to blame for leak affecting 6.9M

The ancestry and biotech company company said victims “were not affected by any security breach” under California’s privacy law.
scmagazine.com
Read more
Firefighters are working at the site of a residential building that was heavily damaged during a Russian missile attack this morning in Kyiv, Ukraine, on January 2, 2024.
4 Jan 2024
Biztonsági szemle

Ukraine: Russia hacked webcams to aid missile, drone strikes on Kyiv

Security pros say compromising IoT devices, as well as industrial control and operational tech, is an effective tactic in modern warfare.
scmagazine.com
Read more
4 Jan 2024
Biztonsági szemle

Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns

If Ukraine's core telephone network can be taken out, organizations in the West could easily be next, Ukraine's SBU chief says.
darkreading.com
Read more
LastPass website under a magnifying glass. LastPass is a freemium password manager that stores encrypted passwords online.
4 Jan 2024
Biztonsági szemle

LastPass to enforce a 12-character requirement for master passwords

Security pros say while the 12-character requirement by LastPass is a step in the right direction, teams still need to enforce multi-factor authentication and practice continuous monitoring.
scmagazine.com
Read more
4 Jan 2024
Biztonsági szemle

Administrator Account For Middle East Internet Registry Hacked

The compromise reportedly led to corruption in the routing of a Spanish telecom provider's network.
darkreading.com
Read more
4 Jan 2024
Biztonsági szemle

Mandiant's X (Twitter) Account Hacked to Promote Crypto Scam

The hours-long breach — since resolved — directed users to a suspicious website as attackers posing as crypto-wallet service Phantom took over the feed of the Google subsidiary.
darkreading.com
Read more
4 Jan 2024
Biztonsági szemle

Wireshark updates, (Thu, Jan 4th)

The Wireshark Foundation has released 3 new versions of its popular network protocol analyzer. They are versions 4.2.1&#xc2;&#xa0;(which fixes 5 CVEs and a number of other bugs), 4.0.12&#xc2;&#xa0;(2 CVEs &#x2b; additional...
isc.sans.edu
Read more
ISC Knowledge Base
4 Jan 2024
Biztonsági szemle

EDNS Client Subnet (ECS) for Resolver Operators - Getting Started

ISC has implemented EDNS Client Subnet (ECS) for Resolvers in the BIND Supported Preview (-S) edition. This feature is not available in public (Open Source) BIND. BIND does not have an authoritative ECS feature At one time, BIND did offer an...
kb.isc.org
Read more
4 Jan 2024
Biztonsági szemle

Navigating the New Age of Cybersecurity Enforcement

The SolarWinds SEC lawsuit illuminates the potential risks faced by CISOs and other cybersecurity executives.
darkreading.com
Read more
4 Jan 2024
Biztonsági szemle

'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month

A new threat actor just concluded a month and a half of two major leaks per day. Now comes phase two: follow-on attacks.
darkreading.com
Read more
4 Jan 2024
Biztonsági szemle

CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems (ICS) advisories on January 4, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-004-01 Rockwell Automation...
cisa.gov
Read more
4 Jan 2024
Biztonsági szemle

Rockwell Automation FactoryTalk Activation

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Activation Manager Vulnerabilities: Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of...
cisa.gov
Read more
Language
Audience