Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption https://firewall.firm.in/wp-content/uploads/2025/01/NET.png Jan 03, 2025Ravie LakshmananDevOps / Software Development Microsoft has announced that it’s making an “unexpected change” to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. “We expect that most users will not be directly affected, however, ...

Chinese hack of US treasury breached sanctions office: Report – ET CISO https://etimg.etb2bimg.com/thumb/msid-116871307,imgsize-726250,width-1200,height=765,overlay-etciso/data-breaches/chinese-hack-of-us-treasury-breached-sanctions-office-report.jpg Chinese government hackers breached the U.S. Treasury office that administers economic sanctions, the Washington Post reported on Wednesday, identifying targets of a cyberattack Treasury disclosed earlier this week. Citing unnamed U.S. officials, the Washington Post said hackers compromised the Office of Foreign Assets Control and the Office ...

Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them https://firewall.firm.in/wp-content/uploads/2025/01/cs.png Jan 02, 2025The Hacker NewsCloud Security / Threat Intelligence In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate ...

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation https://firewall.firm.in/wp-content/uploads/2024/12/main.png Cybersecurity researchers have uncovered three security weaknesses in Microsoft’s Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. “Exploiting these flaws could allow attackers to gain ...

7 things you should never-ever tell or ask from ChatGPT and other AI chatbots – ET CISO https://etimg.etb2bimg.com/thumb/msid-116784851,imgsize-754550,width-1200,height=765,overlay-etciso/data-breaches/7-things-you-should-never-ever-tell-or-ask-from-chatgpt-and-other-ai-chatbots.jpg While chatbots may appear to be helpful and reliable assistants, experts caution against becoming too reliant on them, particularly for sensitive information like health advice. Recent surveys highlight a growing trend of people turning to AI for such guidance. According to a ...

Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents https://firewall.firm.in/wp-content/uploads/2024/12/chinesehackers.png Dec 31, 2024Ravie LakshmananVulnerability / Incident Response The United States Treasury Department said it suffered a “major cybersecurity incident” that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. “On December 8, 2024, Treasury was notified by a third-party software service provider, ...

Chinese hackers breach US treasury; third-party alert triggers cybersecurity probe – ET CISO https://etimg.etb2bimg.com/thumb/msid-116817644,imgsize-886682,width-1200,height=765,overlay-etciso/data-breaches/chinese-hackers-breach-us-treasury-third-party-alert-triggers-cybersecurity-probe.jpg The US treasury department revealed on Monday that Chinese hackers managed to access several workstations and unclassified documents by breaching a third-party software service provider. The attack occurred earlier this month and is now being investigated as a major cybersecurity incident. The Treasury did not reveal ...

New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy https://firewall.firm.in/wp-content/uploads/2024/12/data.png Dec 31, 2024Ravie LakshmananData Security / Privacy The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens’ personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, ...

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials https://firewall.firm.in/wp-content/uploads/2024/12/router.png Dec 28, 2024Ravie LakshmananVulnerability / Threat Intelligence A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting ...

Data-loss prevention company cyberhaven hit by breach, statement says – ET CISO https://etimg.etb2bimg.com/thumb/msid-116731150,imgsize-79476,width-1200,height=765,overlay-etciso/data-breaches/data-loss-prevention-company-cyberhaven-hit-by-breach-statement-says.jpg FILE PHOTO: Miniatures of people with computers are seen in front of binary codes and words ‘Cyber attack’ in this illustration taken July 19, 2023. REUTERS/Dado Ruvic/Illustration/File Photo Hackers compromised an employee of the data-protection company Cyberhaven and used the worker’s access to potentially steal sensitive information ...