Security Bulletin
8 Apr 2024
Biztonsági szemle
Acuity downplays extent of data breach
Acuity has disclosed that only old and non-sensitive data had been stolen from its breached GitHub repositories amid an ongoing U.S. State Department probe into IntelBroker's claims regarding the theft and exposure of U.S. government and military...
8 Apr 2024
Biztonsági szemle
Almost 8.5M impacted by EPA data breach
Hackread reports that the U.S. Environmental Protection Agency had data from almost 8.5 million individuals exposed following a major data breach claimed to have been conducted by threat actor USDoD.
8 Apr 2024
Biztonsági szemle
E-commerce site data compromised via critical Magento flaw
Attacks leveraging an already fixed critical Magento vulnerability, tracked as CVE-2024-20720, have been launched against e-commerce websites to facilitate the distribution of a Stripe payment skimmer for financial data exfiltration, according to The...
8 Apr 2024
Biztonsági szemle
Numerous Ivanti VPN gateways impacted by RCE vulnerability
BleepingComputer reports that attacks leveraging a recently patched high-severity heap overflow vulnerability, tracked as CVE-2024-21894, could impact nearly 16,500 internet-exposed Ivanti Connect Secure and Poly Secure VPN gateways.
8 Apr 2024
Biztonsági szemle
Over 92,000 D-Link NAS devices face compromise risk
More than 92,000 outdated internet-exposed D-Link Network Attached Storage devices could be breached in attacks exploiting a newly discovered arbitrary command injection and hardcoded backdoor vulnerability, tracked as CVE-2024-3273, which could...
8 Apr 2024
Biztonsági szemle
Quantum Security and Networking are Emerging as Lifelines in Our Quantum-powered Future
A metamorphosis continues to take shape with the rise of Post-Quantum Cryptography, Quantum Key Distribution, and the brave new world of Quantum Networking.
8 Apr 2024
Biztonsági szemle
What security pros can learn about AI from the Russia-Ukraine war
Here are four insights into how security pros can judge new AI products when vendors say they were “battle-tested in Ukraine.”
8 Apr 2024
Biztonsági szemle
Toward greater transparency: Adopting the CWE standard for Microsoft CVEs
At the Microsoft Security Response Center (MSRC), our mission is to protect our customers, communities, and Microsoft from current and emerging threats to security and privacy. One way we achieve this is by determining the root cause of security...
8 Apr 2024
Biztonsági szemle
ISC Stormcast For Monday, April 8th, 2024 https://isc.sans.edu/podcastdetail/8928, (Mon, Apr 8th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
8 Apr 2024
Biztonsági szemle
A Use Case for Adding Threat Hunting to Your Security Operations Team. Detecting Adversaries Abusing Legitimate Tools in A Customer Environment. [Guest Diary], (Sun, Apr 7th)
[This is a Guest Diary by Nathaniel Jakusz, an ISC intern as part of the SANS.edu BACS program]
6 Apr 2024
Biztonsági szemle
It’s Time to Update Your Network Assurance Skills
Free access to Track 1 of the new Designing and Implementing Enterprise Network Assurance | ENNA Learning Path is available now, ahead of its full release in late April 2024.
5 Apr 2024
Biztonsági szemle
Bing ad posing as NordVPN aims to spread SecTopRAT malware
The remote access trojan creates a second hidden desktop to control the victim’s browser.