Security News

If you haven't already, stop reading and go yank your My Book Live storage device offline, lest you join the ranks of those who woke up on Thursday to find that years of data had been wiped clean on devices around the world. That was the date of the last firmware update for its My Book Live and My Book Live Duo devices, according to its advisory.

A high-severity vulnerability patched recently by Fortinet in its FortiWeb web application firewall can be exploited to execute arbitrary commands. Rey Medov, a researcher at Russian enterprise cybersecurity firm Positive Technologies, discovered that the FortiWeb firewall - specifically its management interface - is affected by a vulnerability that can allow a remote, authenticated attacker to execute commands on the system via the SAML server configuration page.

Business email compromise attacks are one of the most financially damaging cyber crimes and have been on the rise over the past year. This is according to a GreatHorn report, which revealed that spoofed email accounts or websites were the most commonly experienced form of BEC attack, as 71% of organizations acknowledged they had seen one over the past year.

Networking device manufacturer Zyxel has issued an alert to warn customers of attacks targeting a subset of security appliances that have remote management or SSL VPN enabled. In the letter sent to customers, a copy of which security researcher JAMESWT shared on Twitter, the company says that a sophisticated threat actor is targeting USG/ZyWALL, USG FLEX, ATP, and VPN series devices running on-premises ZLD firmware.

The Joint Cyber Unit will create more situational awareness and guarantee preparedness for large-scale cybersecurity crises. In the EU, this has taken the form of a new Joint Cyber Unit, situated next to ENISA's offices in Brussels.

US securities industry regulator FINRA is warning brokerage firms of an ongoing phishing attack pretending to be from 'FINRA Support.' FINRA is a government-authorized non-profit organization that regulates all exchange markets and securities firms publicly active in the United States.

As secure email gateways and security software become more advanced and adapt to ever-changing phishing campaigns, threat actors resort to more unusual file formats to bypass detection. In the past, phishing scams switched to unusual attachments such as ISO files or TAR files, which are not commonly found as email attachments.

A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. When BIOSConnect attempts to connect to the backend Dell HTTP server to perform a remote update or recovery, it enables the system's BIOS to reach out to Dell backend services over the internet.

Brazilian medical diagnostic company Grupo Fleury has suffered a ransomware attack that has disrupted business operations after the company took its systems offline. Grupo Fleury is the largest medical diagnostics company in Brazil, with over 200 service centers and more than 10,000 employees.
