Maximum-severity vuln lets unauthenticated attackers execute code on trusted infra management platform Hewlett Packard Enterprise has told customers to drop whatever they’re doing and patch OneView after admitting a maximum-severity bug could let attackers run code on the management platform without so much as a login prompt.… READ MORE HERE…
Beijing wants to ‘seize the initiative in the international competition in cyberspace’ Chinese authorities on Thursday certified the China Environment for Network Innovation (CENI), a vast research network that Beijing hopes will propel the country to the forefront of networking research.… READ MORE HERE…
‘Within 10 minutes of gaining initial access, crypto miners were operational’ Your AWS account could be quietly running someone else’s cryptominer. Cryptocurrency thieves are using stolen Amazon account credentials to mine for coins at the expense of AWS customers, abusing their Elastic Container Service (ECS) and their Elastic Compute Cloud (EC2) resources, in an ongoing operation that started on November 2.… READ MORE HERE…
No timeline for a patch Suspected Chinese-government-linked threat actors have been battering a maximum-severity Cisco AsyncOS zero-day vulnerability in some Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances for nearly a month, and there’s no timeline for a fix.… READ MORE HERE…
Regulator makes various additional demands over alleged cybersecurity failings In proposing a settlement agreement, the Federal Trade Commission (FTC) says that Illusory Systems must repay users funds lost in a 2022 cyberattack.… READ MORE HERE…
Misconfigured servers are in, 0-days out Chinese espionage crew Ink Dragon has expanded its snooping activities into European government networks, using compromised servers to create illicit relay nodes for future operations.… READ MORE HERE…
All I want for Christmas … is all of your data A new, modular infostealer called SantaStealer, advertised on Telegram with a basic tier priced at $175 per month, promises to make criminals’ Christmas dreams come true. It boasts that it can run “fully undetected” even on systems with the “strictest AntiVirus” and those belonging to governments, financial institutions, and other prime targets.… READ MORE HERE…
PwC supports clients across the full cyber lifecycle Sponsored Post Managing cybersecurity risk has never been simple, but in today’s threat landscape it can also become a source of strength. PwC believes that AI is now central to that transformation, helping organizations not just react faster to attacks, but evolve their defences with greater confidence.… READ MORE HERE…
Who hasn’t exploited this max-severity flaw? At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking the React2Shell, a maximum-severity flaw in the widely used React JavaScript library, according to Google.… READ MORE HERE…
PLUS: Drugs found in ink cartridges; Chinse censorship fighters criticize Vultr; Coupang CEO resigns; And more! Asia In Brief A SpaceX executive has claimed that a Chinese satellite launch came within 200 meters of hitting a Starlink satellite.… READ MORE HERE…