TETRA:BURST — 5 New Vulnerabilities Exposed in Widely Used Radio Communication System

TETRA:BURST — 5 New Vulnerabilities Exposed in Widely Used Radio Communication System,

A set of five security vulnerabilities have been disclosed in the Terrestrial Trunked Radio (TETRA) standard for radio communication used widely by government entities and critical infrastructure sectors, including what’s believed to be an intentional backdoor that could have potentially exposed sensitive information.
The issues, discovered by Midnight Blue in 2021 and held back until now, have

,

A set of five security vulnerabilities have been disclosed in the Terrestrial Trunked Radio (TETRA) standard for radio communication used widely by government entities and critical infrastructure sectors, including what’s believed to be an intentional backdoor that could have potentially exposed sensitive information.
The issues, discovered by Midnight Blue in 2021 and held back until now, have

, ,
https://thehackernews.com/2023/07/tetraburst-5-new-vulnerabilities.html

How MDR Helps Solve the Cybersecurity Talent Gap

How MDR Helps Solve the Cybersecurity Talent Gap,

How do you overcome today’s talent gap in cybersecurity? This is a crucial issue — particularly when you find executive leadership or the board asking pointed questions about your security team’s ability to defend the organization against new and current threats.
This is why many security leaders find themselves turning to managed security services like MDR (managed detection and response),

,

How do you overcome today’s talent gap in cybersecurity? This is a crucial issue — particularly when you find executive leadership or the board asking pointed questions about your security team’s ability to defend the organization against new and current threats.
This is why many security leaders find themselves turning to managed security services like MDR (managed detection and response),

, ,
https://thehackernews.com/2023/07/how-mdr-helps-solve-cybersecurity.html

Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo

Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo,

Atlassian has released updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems.
The list of the flaws is below –

CVE-2023-22505 (CVSS score: 8.0) – RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 8.3.2 and

,

Atlassian has released updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems.
The list of the flaws is below –

CVE-2023-22505 (CVSS score: 8.0) – RCE (Remote Code Execution) in Confluence Data Center and Server (Fixed in versions 8.3.2 and

, ,
https://thehackernews.com/2023/07/atlassian-releases-patches-for-critical.html

Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation

Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation,

Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version that fixes an actively exploited zero-day vulnerability.
Dubbed CVE-2023-35078, the issue has been described as a remote unauthenticated API access vulnerability that impacts currently supported version 11.4 releases 11.10, 11.9, and 11.8 as

,

Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version that fixes an actively exploited zero-day vulnerability.
Dubbed CVE-2023-35078, the issue has been described as a remote unauthenticated API access vulnerability that impacts currently supported version 11.4 releases 11.10, 11.9, and 11.8 as

, ,
https://thehackernews.com/2023/07/ivanti-releases-urgent-patch-for-epmm.html

Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs

Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs,

Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild.
Tracked as CVE-2023-38606, the shortcoming resides in the kernel and permits a malicious app to modify sensitive kernel state potentially. The company said it was addressed with improved state management.
« 

,

Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild.
Tracked as CVE-2023-38606, the shortcoming resides in the kernel and permits a malicious app to modify sensitive kernel state potentially. The company said it was addressed with improved state management.
« 

, ,
https://thehackernews.com/2023/07/apple-rolls-out-urgent-patches-for-zero.html

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks,

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks.
The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and

,

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks.
The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and

, ,
https://thehackernews.com/2023/07/critical-zero-days-in-atera-windows.html

Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol

Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol,

Google has announced that it intends to add support for Message Layer Security (MLS) to its Messages service for Android and open source implementation of the specification.
« Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform, » Giles Hogben, privacy engineering

,

Google has announced that it intends to add support for Message Layer Security (MLS) to its Messages service for Android and open source implementation of the specification.
« Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform, » Giles Hogben, privacy engineering

, ,
https://thehackernews.com/2023/07/google-messages-getting-cross-platform.html

How to Protect Patients and Their Privacy in Your SaaS Apps

How to Protect Patients and Their Privacy in Your SaaS Apps,

The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The U.S. Government’s Office for Civil Rights reported 145 data breaches in the United States during the first quarter of this year. That follows 707 incidents a year ago, during which over 50 million records were

,

The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The U.S. Government’s Office for Civil Rights reported 145 data breaches in the United States during the first quarter of this year. That follows 707 incidents a year ago, during which over 50 million records were

, ,
https://thehackernews.com/2023/07/how-to-protect-patients-and-their.html

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection,

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions.
« This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent, » Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

,

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions.
« This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent, » Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

, ,
https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html

Banking Sector Targeted in Open-Source Software Supply Chain Attacks

Banking Sector Targeted in Open-Source Software Supply Chain Attacks,

Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector.
« These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it, » Checkmarx said in a report published last week.
« The attackers

,

Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector.
« These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it, » Checkmarx said in a report published last week.
« The attackers

, ,
https://thehackernews.com/2023/07/banking-sector-targeted-in-open-source.html