Ongoing attacks leveraging a pair of critical operating system command injection flaws impacting GeoVision Internet of Things devices, tracked as CVE-2024-6047 and CVE-2024-11120, have prompted their inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate the security flaws by May 28, according to Security Affairs.
Security news for this week:
RDP and credentials that are not really revoked, and some RDP bitmap caching fun
Some magic info on MagicINFO
Vulnerability Management Zombies
There is a backdoor in your e-commerce
Airborne: vulnerabilities in AirPlay
Bring your own installer - crafty EDR bypass
The Signal clone used by US government officials: shock...
Attacks aimed at the end-of-life GeoVision IoT devices involved an exploit using the operating system command injection bugs, tracked as CVE-2024-6047 and CVE-2024-11120.
The crosswalk is talking to me man!, don't block my website without due process, Florida is demanding encryption backdoors, attacking boilers and banning HackRF Ones, time to update your flipper zero, using AI to create working exploits, what happens when you combine an RP2350 and an ESP32? Hopefully good hackery things!, more evidence that patchin...
Makers of IoT and embedded devices are about to face stringent regulations around firmware development, documentation and support. Here's why they'll need automation to keep up.
CyberScoop reports that the House Energy and Commerce Committee has approved legislation that would mandate a federal examination on the threat of adversarial nation-controlled routers, modems, and other networking devices on U.S. national security.
Attempted attacks against TVT Digital Technology's NVMS9000 DVRs which had its firmware last updated seven years ago have surged, with devices impacted by an information disclosure flaw reported in May targeted by more than 2,500 IPs suspected to be part of a Mirai-based botnet on Thursday, according to BleepingComputer.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.