Government has a google chrome warning for Windows and Mac users – ET CISO https://etimg.etb2bimg.com/thumb/msid-117592387,imgsize-57114,width-1200,height=765,overlay-etciso/data-breaches/government-has-a-google-chrome-warning-for-windows-and-mac-users.jpg India’s cybersecurity watchdog, CERT-In, has warned about two vulnerabilities in the popular Google Chrome browser that hackers can exploit. These new warnings are for Chrome users mostly across Mac, PC and laptop platforms and not that much for smartphone users. These vulnerabilities can allow attackers ...

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation https://firewall.firm.in/wp-content/uploads/2025/02/cisa.png Feb 26, 2025Ravie LakshmananEnterprise Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in ...

DeepSeek removed from app stores in South Korea amid data privacy concerns – ET CISO https://etimg.etb2bimg.com/thumb/msid-118319182,imgsize-22150,width-1200,height=765,overlay-etciso/data-breaches/deepseek-removed-from-app-stores-in-south-korea-amid-data-privacy-concerns.jpg Chinese AI app, DeepSeek, has been removed from South Korean app stores pending a review of how it handles user data. According to news agency AFP, Choi Jang-hyuk, vice chairperson of Seoul’s Personal Information Protection Commission, told a press conference that DeepSeek has been ...

LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile https://firewall.firm.in/wp-content/uploads/2025/02/spyware.png Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram. LightSpy is the name given to a modular spyware that’s capable of infecting ...

California students take legal action against US education department over massive data breach – ET CISO https://etimg.etb2bimg.com/thumb/msid-118162922,imgsize-119596,width-1200,height=765,overlay-etciso/data-breaches/california-students-take-legal-action-against-us-education-department-over-massive-data-breach.jpg A coalition of California college students has filed a lawsuit against the US Department of Education accusing an oversight task force associated with tech magnate Elon Musk of unlawfully accessing confidential student financial records. The legal petition spearheaded by the University of California ...

Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software https://firewall.firm.in/wp-content/uploads/2025/02/PaloAlto-Networks.png Feb 13, 2025Ravie LakshmananNetwork Security / Vulnerability Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access ...

PayPal agrees to pay $2 million to settle for this data breach – ET CISO https://etimg.etb2bimg.com/thumb/msid-117619031,imgsize-20694,width-1200,height=765,overlay-etciso/data-breaches/paypal-agrees-to-pay-2-million-to-settle-for-this-data-breach.jpg PayPal has agreed to pay a $2 million fine to New York State for failing to comply with cybersecurity regulations. This led to a data breach in 2022 that exposed the personal information of 35,000 customers. The New York Department of Financial Services (DFS) ...

Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access https://firewall.firm.in/wp-content/uploads/2025/02/go.png Feb 04, 2025Ravie LakshmananVulnerability / Threat Intelligence Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB ...

LinkedIn lawsuit over use of customer data for AI models is dismissed – ET CISO https://etimg.etb2bimg.com/thumb/msid-117816125,imgsize-51252,width-1200,height=765,overlay-etciso/data-breaches/linkedin-lawsuit-over-use-of-customer-data-for-ai-models-is-dismissed.jpg A proposed class action accusing Microsoft’s LinkedIn of violating the privacy of millions of Premium customers by disclosing their private messages to train generative artificial intelligence models has been dismissed. The plaintiff Alessandro De La Torre on Thursday filed a notice of dismissal without ...

768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023 https://firewall.firm.in/wp-content/uploads/2025/02/vul.png Feb 03, 2025Ravie LakshmananVulnerability / Network Security As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as “another banner year for threat actors targeting ...