Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control https://firewall.firm.in/wp-content/uploads/2024/08/cisco.png Aug 22, 2024Ravie LakshmananNetwork Security / Zero-Day Details have emerged about a China-nexus threat group’s exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade detection. The activity, attributed to Velvet Ant, was observed early this ...

HealthEquity data breach exposes protected health information – ET CISO https://etimg.etb2bimg.com/thumb/msid-111594116,imgsize-41420,width-1200,height=765,overlay-etciso/data-breaches/healthequity-data-breach-exposes-protected-health-information.jpg Healthcare fintech firm HealthEquity has disclosed a data breach following the compromise of a partner’s account, which was used to infiltrate the company’s systems and steal protected health information. The breach was identified after the company detected “anomalous behavior” from a partner’s personal device, prompting an investigation. The investigation ...

Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk https://firewall.firm.in/wp-content/uploads/2024/08/solarwinds.png Aug 22, 2024Ravie LakshmananVulnerability / Network Security SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances. “The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential ...

Personal data of nearly 8 million Angel One customers leaked online – ET CISO https://etimg.etb2bimg.com/thumb/msid-111613595,imgsize-2403626,width-1200,height=765,overlay-etciso/data-breaches/personal-data-of-nearly-8-million-angel-one-customers-leaked-online.jpg AI generated image In a major breach of user data, around 7.9 million personally identifiable information (PII) data belonging to the customers of Mumbai-based stock broking firm Angel One, was released in an online hacker portal on Tuesday. Details like names, addresses, contact numbers and ...

Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide https://firewall.firm.in/wp-content/uploads/2024/08/rfid.png Aug 22, 2024Ravie LakshmananHardware Security / Supply Chain Attack Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that could allow authentication with an unknown key and open hotel rooms and office doors. The attacks have been demonstrated against FM11RF08S, ...

Australian cyber security agency accuses China-backed hacker group of stealing user data – ET CISO https://etimg.etb2bimg.com/thumb/msid-111639830,imgsize-7046,width-1200,height=765,overlay-etciso/data-breaches/australian-cyber-security-agency-accuses-china-backed-hacker-group-of-stealing-user-data.jpg Australian cyber security agency accuses China-backed hacker group of stealing user data Cybersecurity firms backed by the Chinese authorities have been accused of stealing passwords and usernames from unnamed Australian networks in 2022, the Australian Cyber Security Centre (ACSC) reported on Tuesday. The investigation ...

Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data https://firewall.firm.in/wp-content/uploads/2024/08/ms.png Aug 21, 2024Ravie LakshmananSoftware Security / Vulnerability Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft’s Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (SSRF) ...

Angel One’s data breach dates back to April 2023, company clarifies – ET CISO https://etimg.etb2bimg.com/thumb/msid-111640226,imgsize-9956,width-1200,height=765,overlay-etciso/data-breaches/angel-ones-data-breach-dates-back-to-april-2023-company-clarifies.jpg (Representative Image) Angel One has denied any fresh data breach and has assured its customers of enhanced protection measures employed by the company. In a clarification issued on Wednesday, the domestic brokerage said that a reported data breach dates back to April 2023 and was ...

It’s Time To Untangle the SaaS Ball of Yarn https://firewall.firm.in/wp-content/uploads/2024/08/main.png It’s no great revelation to say that SaaS applications have changed the way we operate, both in our personal and professional lives. We routinely rely on cloud-based and remote applications to conduct our basic functions, with the result that the only true perimeter of our networks has become the identities ...

Data of nearly all AT&T customers downloaded to a third-party platform in security breach – ET CISO https://etimg.etb2bimg.com/thumb/msid-111696831,imgsize-320540,width-1200,height=765,overlay-etciso/data-breaches/data-of-nearly-all-att-customers-downloaded-to-a-third-party-platform-in-security-breach.jpg The AT&T logo is positioned above one of its retail stores in New York, Oct. 24, 2016. A security breach in 2022 compromised the data of nearly all of AT&T’s cellular customers, customers of mobile virtual network operators using AT&T’s wireless network, ...