Sophos Firewall v22: Health Check
Securing your firewall is much easier with the new Health Check feature.
Similar Posts
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Bys sCybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts. “These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full…
Hackers target Taliban databases
Bys sHabib Mohammadi reports: A group of unidentified hackers has breached the Taliban’s databases, leaking documents from 21 ministries and government agencies, some of which appear to be classified, according to reports circulating online. The leaked files reportedly include documents from the Taliban-controlled ministries of finance, justice, foreign affairs, information and culture, telecommunications, and mining, as…
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
Bys sThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to
Guernsey medical practice sanctioned after cyber criminals access patient data through email account
Bys sitv reports: Guernsey’s Data Protection Authority (ODPA) has sanctioned First Contact Health after it failed to implement sufficient security measures to prevent a phishing attack. The cybersecurity breach saw fraudsters successfully target an employee’s email account, gaining access to confidential health data at the medical practice. First Contact Health became aware and reported the data breach……
Cyberattack on Puerto Rico IT vendor Truenorth hits 3 agencies
Bys sDysruption Hub reports: Puerto Rico officials say a Thanksgiving-week cyberattack on IT contractor Truenorth Corporation briefly disrupted systems at three major agencies but did not compromise citizen data, even as independent reporting describes a broader ransomware incident. Truenorth Corporation, an IT services firm that runs key systems for multiple Puerto Rico government agencies, was the……
Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages
Bys sThreat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA pages as lures to trick users into providing initial access to their systems, which…