The Breach News

Mastodon Security Flaw Lets Hackers Take Control of Any Decentralized Account

A significant security vulnerability has been identified within the decentralized social network Mastodon, enabling attackers to impersonate any user and seize control of their accounts. The issue stems from inadequate origin validation, as stated in a recent advisory from Mastodon’s maintainers. This vulnerability, cataloged as CVE-2024-23832, carries a severity score…

Almost 18,000 SolarWinds Clients Installed Compromised Software

SolarWinds, a Texas-based supplier of enterprise monitoring software, has acknowledged a major cybersecurity incident linked to a compromised version of its Orion products. Up to 18,000 customers, including numerous Fortune 500 companies and U.S. military branches, may have installed the affected software, raising significant alarm across various sectors. This revelation…

France Fines Google $57 Million for Insufficient Transparency and Consent

In a significant enforcement action under the European Union’s General Data Protection Regulation (GDPR), France’s data protection authority, CNIL, has imposed a €50 million (approximately $57 million) fine on Google. This marks the first major penalty levied under the GDPR since its implementation in May 2018. The CNIL cited “lack…

NCSC Alerts: AI Prompt Injection Risks Major Data Breaches in the UK

Growing Concerns Over AI Vulnerabilities in the UK: NCSC Warns of Prompt Injection Risks

The National Cyber Security Centre (NCSC) has issued a significant warning regarding a misunderstanding that could expose UK organizations to serious data breaches. As generative AI technologies continue to proliferate, many developers and cybersecurity professionals are…

Widespread Exploitation of Recent SSRF Vulnerability in Ivanti VPN Products

Mass Exploitation of SSRF Vulnerability in Ivanti Products

A significant server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure and Policy Secure products has been widely exploited. Recent reports indicate that attacks are emanating from over 170 distinct IP addresses, pointing to a coordinated effort to establish unauthorized access, including reverse…

New Findings Indicate SolarWinds’ Codebase Was Compromised to Insert a Backdoor

The ongoing investigation into the SolarWinds breach continues to reveal the intricate tactics employed by the attackers who infiltrated the company’s internal systems and manipulated its software update processes. This meticulous and well-coordinated supply chain attack appears to have been in the making since at least October 2019, when the…

Airbus Faces Data Breach, Exposing Information of Certain Employees

In a recent announcement, Airbus, the European aerospace manufacturer, confirmed a data breach that affected its Commercial Aircraft business information systems, leading to the unauthorized access of certain employee personal data. While the specifics of the breach have not been fully disclosed, Airbus indicated that the hack does not impact…

Inotiv Pharmaceutical Company Confirms Data Breach After Ransomware Attack – CybersecurityNews

Pharma Firm Inotiv Confirms Data Breach Following Ransomware Attack

In a significant cybersecurity incident, pharmaceutical company Inotiv has reported a data breach that was triggered by a recent ransomware attack. The company disclosed the breach to its stakeholders, emphasizing its commitment to investigating the potential impact on sensitive information. This…
