Potential Tag

Microsoft Unveils 'Security Copilot' Tool to Boost Cybersecurity Efforts.   Microsoft has launched a new tool designed to help cyber security professionals detect and identify breaches and threat signals more efficiently. Called 'Security Copilot', the tool is powered by OpenAI's latest GPT-4 generative artificial intelligence model. Its primary function is to aid security analysts in tasks such as summarising incidents, analysing vulnerabilities, and sharing information with colleagues...

Read More

Aruba Networks Releases Patches for Eight Vulnerabilities in ClearPass Policy Manager Software.   Aruba Networks, a leading provider of network access enforcement solutions, has recently disclosed a set of patches to address eight vulnerabilities in its ClearPass Policy Manager software. The software is used to enforce unified network access across wireless, wired, and VPN networks.   The most severe vulnerability, CVE-2023-25589, was discovered by New Zealander pentester Daniel Jensen....

Read More

LastPass Breach Resulted from Failure to Update Plex Software.   A recent breach at LastPass, a popular password management service, has been attributed to the failure of one of its engineers to update Plex software on their home computer. This serves as a reminder of the importance of keeping software up-to-date to avoid potential security risks.   The breach occurred when unidentified actors leveraged information stolen from a previous...

Read More

Today marks a significant milestone in the cyber threat landscape, as the first publicly known malware capable of bypassing Secure Boot defenses has been discovered. Dubbed BlackLotus, the stealthy Unified Extensible Firmware Interface (UEFI) bootkit is being offered for sale at $5,000 and is programmed in Assembly and C.   According to ESET, a Slovak cybersecurity company, BlackLotus is capable of running on fully up-to-date Windows 11...

Read More

The security of Fortinet FortiNAC appliances is under attack, with proof-of-concept exploit code now available and active exploitation attempts in the wild.   FortiNAC is a zero-trust network access solution that can be deployed both as a hardware device or as a virtual machine appliance, and is used for network segmentation, visibility, and control of devices and users connected to the network. With more than 700,000 Fortinet...

Read More

Medibank has suffered a financial blow of up to $45 million as a result of a security breach in October.   The attack saw an intruder gain access to the insurer's systems using a misconfigured firewall, bypassing the need for a digital security certificate. In response, Medibank has implemented additional security measures, including increased internal and third-party monitoring, and re-examining data management in light of potential changes...

Read More

Have the Bad Guys done a number on the Good Guys?   The Good Guys has become the latest company to reveal that its customers have been affected by a data breach that occurred at My Rewards - a 3rd part loyalty program provider.   The breach, which occurred in August 2021, exposed limited customer data such as names, addresses, phone numbers and email addresses. In some cases, an...

Read More
Wireless IIoT Device Vulnerabilities Pose Risk to Critical Infrastructure

A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. "Threat actors can exploit vulnerabilities in Wireless IIoT devices to gain initial access to internal OT networks," Israeli...

Read More