Security News

Critical vulnerability in Mastodon is pounced upon by fast-acting admins
2024-02-02 18:32

Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers. "Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x versions prior to 4.1.13, and 4.2.x versions prior to 4.2.5."

FBI disrupts Chinese botnet used for targeting US critical infrastructure
2024-02-01 13:10

The FBI has disrupted the KV botnet, used by People's Republic of China state-sponsored hackers to target US-based critical infrastructure organizations. A botnet for probing critical infrastructure organizations.

We know nations are going after critical systems, but what happens when crims join in?
2024-01-31 17:15

Volt Typhoon, the Chinese government-backed cyberspies whose infrastructure was at least partially disrupted by Uncle Sam, has been homing in on other US energy, satellite and telecommunications systems, according to Robert Lee, CEO of security shop Dragos. "We've been involved in incident response cases, as well as using our intelligence and capabilities to track that group and identify where they've been targeting," Lee said.

US shorts China's Volt Typhoon crew targeting America's criticals
2024-01-30 18:15

The US Justice Department and FBI may have scored a win over Chinese state-sponsored snoops trying to break into American critical infrastructure. Law enforcement obtained a court order granting them permission to "remotely disable aspects of the Chinese hacking campaign."

URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite
2024-01-30 16:18

GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating...

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)
2024-01-29 11:30

Several proof-of-concept exploits for a recently patched critical vulnerability in Jenkins have been made public and there's evidence of exploitation in the wild. Jenkins is a widely used Java-based open-source automation server that helps developers build, test and deploy applications, enabling continuous integration and continuous delivery.

Global critical infrastructure faces relentless cyber activity
2024-01-29 05:00

In the last year, the world's critical infrastructure - the medical, power, communications, waste, manufacturing, and transportation equipment that connects people and machines - has been under near-constant attack, according to Forescout. Persistent attacks on OT. Only 35% of exploited vulnerabilities made an appearance in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities list.

Exploits released for critical Jenkins RCE flaw, patch now
2024-01-28 15:17

Multiple proof-of-concept exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks. SonarSource researchers discovered two flaws in Jenkins that could enable attackers to access data on vulnerable servers and execute arbitrary CLI commands under certain conditions.

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems
2024-01-26 05:13

Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to...

Cisco warns of critical RCE flaw in communications software
2024-01-25 14:41

Cisco is warning that several of its Unified Communications Manager and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue. Cisco's Unified Communications and Contact Center Solutions are integrated solutions that provide enterprise-level voice, video, and messaging services, as well as customer engagement and management.