CISA Advisory Healthcare INFINITT PACS
Alert Code: ICSMA-25-100-01 Read more at CISA.
CISA warns of latest Ivanti firewall bug being exploited by suspected Chinese hackers
The Record reports: Another vulnerability impacting firewall products from Ivanti is being exploited by alleged China-based hackers. An Ivanti advisory released on Thursday confirmed that a “limited number of customers” have been attacked through a bug impacting its Connect Secure, Policy Secure & ZTA Gateways tools — which are used by large organizations and government clients to […]
Palo Alto Networks warns of another firewall vulnerability under attack by hackers
TechCrunch reports: U.S. cybersecurity giant Palo Alto Networks has warned that hackers are exploiting another vulnerability in its firewall software to break into unpatched customer networks. Attackers are exploiting a recently disclosed vulnerability in PAN-OS, the operating system that runs Palo Alto Networks firewalls, the California-based company confirmed on Tuesday. Cybersecurity firm Assetnote first discovered the vulnerability, […]
Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers
GBHackers reports that researchers have uncovered malware targeting WordPress websites, leveraging hidden backdoors to enable remote code execution (RCE): One notable case involved attackers embedding malicious scripts within the Must-Use Plugins (mu-plugins) directory, a special WordPress folder that automatically loads plugins on every page load without requiring activation. By placing obfuscated PHP code in this directory, attackers […]
China-linked APT Salt Typhoon has breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices.
Security Affairs reports: China-linked APT group Salt Typhoon is still targeting telecommunications providers worldwide, and according to a new report published by Recorded Future’s Insikt Group, the threat actors has breached more U.S. telecommunications providers by exploiting unpatched Cisco IOS XE network devices. Insikt Group researchers reported that the Chinese hacked have exploited two Cisco flaws, tracked […]
Abandoned AWS Cloud Storage: A Major Cyberattack Vector
Everything old is exploitable again? DarkReading reports: Abandoned cloud storage buckets present a major, but largely overlooked, threat to Internet security, new research has shown. The risks arise when bad actors discover and re-register these neglected digital repositories under their original name, and then use them to deliver malware or carry out other malicious actions […]
Android users must update their phones now over bugs that allow hackers to bypass passwords and hijack devices
Mobile phone owners are strongly advised to install the latest security update ASAP The Irish Sun reports: ANDROID users have been told to update their phones immediately to fix two bugs that allowed hackers to hijack devices. One bug, which meant hackers could install malware or steal files from devices without even needing a password, […]
FDA, CISA warn of backdoor in popular patient monitor used by US hospitals
The Record reports: Federal agencies are warning hospitals of a backdoor discovered in a popular line of patient monitors sold by Chinese company Contec. The Cybersecurity and Infrastructure Security Agency (CISA) and Food and Drug Administration (FDA) released warnings on Thursday about an embedded function they found in the firmware of the Contec CMS8000 — […]
SonicWall warns hackers targeting critical vulnerability in SMA 1000 series appliances
Researchers from Microsoft Threat Intelligence alerted the company to suspected threat activity. Cybersecurity Dive reports: SonicWall issued an alert Friday that a critical remote code execution vulnerability in its SMA appliances is under active exploitation by malicious hackers and urged customers to immediately update any vulnerable firmware. Researchers from Microsoft Threat Intelligence had warned SonicWall about the […]
ChatGPT API flaw could allow DDoS, prompt injection attacks
Another day, another vulnerability. CSO Online reports that a researcher discovered an OpenAI development oversight that could allow attackers to launch DDoS attacks on unsuspecting victims: OpenAI-owned ChatGPT might have a vulnerability that could allow threat actors to launch distributed denial of service (DDoS) attacks on unsuspecting targets. According to a discovery made by German security researcher […]