Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access https://firewall.firm.in/wp-content/uploads/2025/02/go.png Feb 04, 2025Ravie LakshmananVulnerability / Threat Intelligence Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB ...

LinkedIn lawsuit over use of customer data for AI models is dismissed – ET CISO https://etimg.etb2bimg.com/thumb/msid-117816125,imgsize-51252,width-1200,height=765,overlay-etciso/data-breaches/linkedin-lawsuit-over-use-of-customer-data-for-ai-models-is-dismissed.jpg A proposed class action accusing Microsoft’s LinkedIn of violating the privacy of millions of Premium customers by disclosing their private messages to train generative artificial intelligence models has been dismissed. The plaintiff Alessandro De La Torre on Thursday filed a notice of dismissal without ...

768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023 https://firewall.firm.in/wp-content/uploads/2025/02/vul.png Feb 03, 2025Ravie LakshmananVulnerability / Network Security As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as “another banner year for threat actors targeting ...

South Korea to send inquiry to China’s DeepSeek over data privacy concerns – ET CISO https://etimg.etb2bimg.com/thumb/msid-117816307,imgsize-4252,width-1200,height=765,overlay-etciso/data-breaches/south-korea-to-send-inquiry-to-chinas-deepseek-over-data-privacy-concerns.jpg Seoul, South Korea’s data protection authority plans to send an inquiry to DeepSeek, a Chinese artificial intelligence (AI) startup, amid growing concerns over the company’s data collection practices, according to officials. According to the officials, the Personal Information Protection Commission (PIPC) under the interior ...

U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network https://firewall.firm.in/wp-content/uploads/2025/02/fbi.png Feb 01, 2025Ravie LakshmananCybercrime / Fraud Prevention U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan. The action, which took place on January 29, ...

Need for healthcare-specific privacy laws to curb menace of patient data breaches – ET CISO https://etimg.etb2bimg.com/thumb/msid-117669726,imgsize-63852,width-1200,height=765,overlay-etciso/data-breaches/need-for-healthcare-specific-privacy-laws-to-curb-menace-of-patient-data-breaches.jpg Healthcare data, due to its inherently sensitive nature, demands unparalleled levels of security. Healthtech solutions have revolutionized care delivery by bridging critical gaps in accessibility, efficiency, and patient outcomes. By integrating data-driven solutions and digital tools, they improve operational efficiency and also empower patients ...

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs https://firewall.firm.in/wp-content/uploads/2025/01/git.png Jan 27, 2025Ravie LakshmananVulnerability / Software Security Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user’s Git credentials. “Git implements a protocol called Git Credential Protocol to retrieve ...

RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations https://firewall.firm.in/wp-content/uploads/2025/01/telecom.png Jan 24, 2025Ravie LakshmananTelecom Security / Vulnerability A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The ...

US treasury breach – Chinese hackers breach Janet Yellen’s computer, accessed about 50 files – ET CISO https://etimg.etb2bimg.com/thumb/msid-117320088,imgsize-87808,width-1200,height=765,overlay-etciso/data-breaches/us-treasury-breach-chinese-hackers-breach-janet-yellens-computer-accessed-about-50-files.jpg Hackers backed by the Chinese government accessed US Treasury Secretary Janet Yellen’s computer and files, Bloomberg News has reported . The breach, discovered in December, also impacted the computers of Deputy Secretary Wally Adeyemo and Acting Under Secretary Brad Smith. The hackers ...

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation https://firewall.firm.in/wp-content/uploads/2025/01/root.png Jan 17, 2025Ravie LakshmananFirmware Security / Vulnerability Cybersecurity researchers have disclosed three security flaws in Planet Technology’s WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. “These switches are widely used in building and home automation systems for a variety of networking ...