In response to reports that data collected from more than 200,000 network-connected medical infusion pumps used to deliver medication and fluids to patients shows that 75% of them are running with known security issues that hackers could exploit, cybersecurity experts commented below.
Author: ISBuzz Team
Reportedly, about 15% of small and medium-sized businesses had leased or purchased electric cars for commercial applications. However, only 77% of them believed that EVs would become victims of hackers, ransomware, and other breaches when they were hooked up to public charging stations. Zogby Analytics conducted a survey among small and medium-sized business owners to evaluate their attitudes and experiences about cybersecurity and habits. The majority of the respondents worked in the business and consulting services, retail, infrastructure and construction, and healthcare industries. The survey found that almost half of business owners were “somewhat or very concerned” about cyberattacks.
It has been reported that a critical vulnerability in both GitLab Community and Enterprise Edition could enable an attacker to steal runner registration tokens. The vulnerability, which affects all versions from 12.10 to 14.6.4, all versions starting from 14.7 to 14.7.3, and all versions starting from 14.8 to 14.8.1, was announced in a security advisory from GitLab. If exploited, an unauthorized user is able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands. It has been assigned a CVSS score of 9.6 and has been patched in the latest releases: 14.8.2, 14.7.4, and 14.6.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).
The quantity of cyber-attacks targeting the Log4Shell complex of vulnerabilities in Log4j still remains extremely high, according to new Threat Spotlight analysis from Barracuda Networks. The Log4Shell vulnerabilities have now been around for more than two months, and Barracuda researchers observed that the volume of attacks attempting to exploit these vulnerabilities has remained relatively constant, with a few dips and spikes, over the past two months. It is predicted that this attack pattern will continue, given the popularity of the software, the exploitability of the vulnerability, and the payoff when a compromise happens. Geographically, Barracuda Networks uncovered that 83 per cent…
In light of official figures showing that the BBC fends off an average of 383,278 email attacks every day, industry leaders reacted below.
The Twitter account of former intelligence specialist Reality Winner was hacked over the weekend by threat actors looking to target journalists at prominent media organisations. Hackers took over Winner’s verified Twitter account and changed the profile name to “Feedback Team” to impersonate Twitter staff before sending out suspicious DMs to verified users.
The Register is reporting Samsung shipped ‘100 million’ phones with flawed encryption. Researchers at Tel Aviv University demonstrated a method that could compromise the hardware security of over 100 million Samsung phones. Android-based Samsung phones had been shipped with design flaws that could allow the extraction of cryptographic keys. … Samsung failed to implement Keymaster TA properly in its Galaxy S8, S9, S10, S20, and S21 phones. The researchers reverse engineered the Keymaster app and showed they could conduct an Initialization Vector (IV) reuse attack to obtain the keys from the hardware-protected key blobs. The weak crypto was also used by the researchers to bypass…
Following today’s announcement that sexual assaults linked to dating apps have doubled in the past 3 years, please see a comment from cybersecurity experts.
It has been announced that GitHub has opened up its security Advisory Database to community contributions with the aim of furthering the security of the software supply chain. Independent security researchers, academics, and enthusiasts are now able to submit their own research into security vulnerabilities into the open source development platform to provide further insight into existing vulnerabilities.