Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
- Cybersecurity News
CVE-2024-20424 (CVSS 9.9): Cisco FMC Software Vulnerability Grants Attackers Root Access
Cisco has issued a critical security advisory warning of a command injection vulnerability in its Secure Firewall Management Center (FMC) Software. Tracked as CVE-2024-20424 and assigned a CVSS score ... Read more
- Cybersecurity News
Active Exploits Target Cisco ASA and FTD VPNs: Urgent Update Needed (CVE-2024-20481)
Cisco has disclosed an actively exploited vulnerability (CVE-2024-20481) in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that could allow attackers to launch denia ... Read more
- Cybersecurity News
New WarmCookie/BadSpace Malware Targets Organizations
Cisco Talos researchers uncovered a new and highly adaptive malware family, WarmCookie, also referred to as BadSpace. This malware has been actively used since April 2024, targeting organizations acro ... Read more
- Cybersecurity News
CVE-2024-20412: Unauthorized Access to Cisco Firepower Devices via Static Credentials
Cisco has recently published a security advisory regarding a critical vulnerability in its Firepower Threat Defense (FTD) software. This vulnerability, identified as CVE-2024-20412, presents a signifi ... Read more
- Cybersecurity News
CVE-2024-20329 (CVSS 9.9): Critical Cisco ASA SSH Flaw Allows for Complete System Takeover
Cisco has issued a critical security advisory warning of a vulnerability in the SSH subsystem of its Adaptive Security Appliance (ASA) Software. This vulnerability, tracked as CVE-2024-20329 and assig ... Read more
- The Register
Samsung phone users under attack, Google warns
A nasty bug in Samsung's mobile chips is being exploited by miscreants as part of an exploit chain to escalate privileges and then remotely execute arbitrary code, according to Google security researc ... Read more
- Trend Micro
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
MXDR case 2: VPN compromise leading to lateral movement A VPN account compromise occurs when a malicious actor gains access to a VPN account through methods such as phishing, exploiting vulnerabilitie ... Read more
- The Register
Warning! FortiManager critical vulnerability under active attack
Fortinet has gone public with news of a critical flaw in its software management platform. The security vendor apparently began informing customers privately about the issue a few days ago but has sin ... Read more
- Dark Reading
Lazarus Group Exploits Chrome Zero-Day in Latest Campaign
Source: MAHATHIR MOHD YASIN via ShutterstockNorth Korea's infamous Lazarus Group is using a well-designed fake game website, a now-patched Chrome zero-day bug, professional LinkedIn accounts, AI-gener ... Read more
- Google Cloud
Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)
Written by: Foti Castelan, Max Thauer, JP Glab, Gabby Roncone, Tufail Ahmed, Jared Wilson Summary In October 2024, Mandiant collaborated with Fortinet to investigate the mass exploitation of FortiMana ... Read more