Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products

Critical Patches Issued for Cisco Expressway Series, TelePresence VCS Products,

Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could be exploited by an attacker to gain elevated privileges and execute arbitrary code.
The two flaws – tracked as CVE-2022-20754 and CVE-2022-20755 (CVSS scores: 9.0) – relate to an arbitrary file write and a

,

Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server (VCS) that could be exploited by an attacker to gain elevated privileges and execute arbitrary code.
The two flaws – tracked as CVE-2022-20754 and CVE-2022-20755 (CVSS scores: 9.0) – relate to an arbitrary file write and a

, ,
https://thehackernews.com/2022/03/critical-patches-issued-for-cisco.html

How to Automate Offboarding to Keep Your Company Safe

How to Automate Offboarding to Keep Your Company Safe,

In the midst of ‘The Great Resignation,’ the damage from employees (or contractors) leaving an organization might be one of the greatest risks facing IT teams today. The reality is that in the busy enterprise computing environment, user onboarding and offboarding is a fact of daily life. 
When employee counts range into the five-figure territory — and entire networks of contractors have to be

,

In the midst of ‘The Great Resignation,’ the damage from employees (or contractors) leaving an organization might be one of the greatest risks facing IT teams today. The reality is that in the busy enterprise computing environment, user onboarding and offboarding is a fact of daily life. 
When employee counts range into the five-figure territory — and entire networks of contractors have to be

, ,
https://thehackernews.com/2022/03/how-to-automate-offboarding-to-keep.html

Ukraine : malwares, sabotage et espionnage, la guerre s’intensifie également dans le cyberespace

Ukraine : malwares, sabotage et espionnage, la guerre s’intensifie également dans le cyberespace,

Sabotage, attaques par déni de services distribué, portes dérobées, espionnage… Désormais, tous les coups sont permis dans ce conflit armé.

,

Sabotage, attaques par déni de services distribué, portes dérobées, espionnage… Désormais, tous les coups sont permis dans ce conflit armé.

, ,
https://www.01net.com/actualites/ukraine-malwares-sabotage-et-espionnage-la-guerre-s-intensifie-egalement-dans-le-cyberespace-2055228.html

Hackers Who Broke Into NVIDIA’s Network Leak DLSS Source Code Online

Hackers Who Broke Into NVIDIA’s Network Leak DLSS Source Code Online

,

American chipmaking company NVIDIA on Tuesday confirmed that its network was breached as a result of a cyber attack, enabling the perpetrators to gain access to sensitive data, including source code purportedly associated with its Deep Learning Super Sampling (DLSS) technology.
« We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the

,

American chipmaking company NVIDIA on Tuesday confirmed that its network was breached as a result of a cyber attack, enabling the perpetrators to gain access to sensitive data, including source code purportedly associated with its Deep Learning Super Sampling (DLSS) technology.
« We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the

, ,
https://thehackernews.com/2022/03/hackers-who-broke-into-nvidias-network.html

Report: Nearly 75% of Infusion Pumps Affected by Severe Vulnerabilities

Report: Nearly 75% of Infusion Pumps Affected by Severe Vulnerabilities,

An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has revealed that 75% of those medical devices contain security weaknesses that could put them at risk of potential exploitation.
« These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or

,

An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has revealed that 75% of those medical devices contain security weaknesses that could put them at risk of potential exploitation.
« These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or

, ,
https://thehackernews.com/2022/03/report-nearly-75-of-infusion-pumps.html

U.S. Senate Passes Cybersecurity Bill to Strengthen Critical Infrastructure Security

U.S. Senate Passes Cybersecurity Bill to Strengthen Critical Infrastructure Security,

The U.S. Senate unanimously passed the « Strengthening American Cybersecurity Act » on Tuesday in an attempt to bolster the cybersecurity of critical infrastructure owners in the country.
The new bipartisan legislation, among other things, stipulates entities that experience a cyber incident to report the attacks within 72 hours to the U.S. Cybersecurity and Infrastructure Security Agency (CISA),

,

The U.S. Senate unanimously passed the « Strengthening American Cybersecurity Act » on Tuesday in an attempt to bolster the cybersecurity of critical infrastructure owners in the country.
The new bipartisan legislation, among other things, stipulates entities that experience a cyber incident to report the attacks within 72 hours to the U.S. Cybersecurity and Infrastructure Security Agency (CISA),

, ,
https://thehackernews.com/2022/03/us-senate-passes-cybersecurity-bill-to.html

Hackers Try to Target European Officials to Get Info on Ukrainian Refugees, Supplies

Hackers Try to Target European Officials to Get Info on Ukrainian Refugees, Supplies,

Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what’s seen as an attempt to obtain intelligence on refugee and supply movement in the region.
Enterprise security company Proofpoint, which detected the malicious emails for the first time on February 24, 2022, dubbed the social engineering attacks « Asylum

,

Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what’s seen as an attempt to obtain intelligence on refugee and supply movement in the region.
Enterprise security company Proofpoint, which detected the malicious emails for the first time on February 24, 2022, dubbed the social engineering attacks « Asylum

, ,
https://thehackernews.com/2022/03/hackers-try-to-hack-european-officials.html

Nvidia, victime d’un énorme piratage, semble à la merci de ses hackers

Nvidia, victime d’un énorme piratage, semble à la merci de ses hackers,

Les pirates multiplient les revendications face à Nvidia tout en s’acoquinant avec la communauté des mineurs de cryptomonnaie. Une situation plutôt complexe à gérer pour l’entreprise américaine.

,

Les pirates multiplient les revendications face à Nvidia tout en s’acoquinant avec la communauté des mineurs de cryptomonnaie. Une situation plutôt complexe à gérer pour l’entreprise américaine.

, ,
https://www.01net.com/actualites/nvidia-a-bel-et-bien-ete-victime-d-un-enorme-piratage-2055210.html

Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks

Hackers Begin Weaponizing TCP Middlebox Reflection for Amplified DDoS Attacks,

Distributed denial-of-service (DDoS) attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory.
« The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS

,

Distributed denial-of-service (DDoS) attacks leveraging a new amplification technique called TCP Middlebox Reflection have been detected for the first time in the wild, six months after the novel attack mechanism was presented in theory.
« The attack […] abuses vulnerable firewalls and content filtering systems to reflect and amplify TCP traffic to a victim machine, creating a powerful DDoS

, ,
https://thehackernews.com/2022/03/hackers-begin-weaponizing-tcp-middlebox.html

LIVE Webinar: Key Lessons Learned from Major Cyberattacks in 2021 and What to Expect in 2022

LIVE Webinar: Key Lessons Learned from Major Cyberattacks in 2021 and What to Expect in 2022,

With the COVID-19 pandemic continuing to impact, and perhaps permanently changing, how we work, cybercriminals again leveraged the distraction in new waves of cyberattacks.
Over the course of 2021 we saw an increase in multiple attack approaches; some old, some new. Phishing and ransomware continued to grow from previous years, as expected, while new attacks on supply chains and

,

With the COVID-19 pandemic continuing to impact, and perhaps permanently changing, how we work, cybercriminals again leveraged the distraction in new waves of cyberattacks.
Over the course of 2021 we saw an increase in multiple attack approaches; some old, some new. Phishing and ransomware continued to grow from previous years, as expected, while new attacks on supply chains and

, ,
https://thehackernews.com/2022/03/live-webinar-key-lessons-learned-from.html