Patch/Configuration Management

CISA urges security teams to run the patch right away and don’t let devices running Palo Alto Expedition software on the public internet.

Extensive account exposure by a misconfigured API was discovered by game developer and ethical hacker Sean Kahler through a developer testing environment privileged access token obtained following the identification of hardcoded credentials in a game's executable.

Included in the leaked files were data for Cisco clients and other DevHub users, as well as certain CX Professional Services customers, who have already been informed about the breach.

According to the UK's FCA, third-party related issues were the leading cause of operational incidents reported between 2022 and 2023.

The “Phish ‘n’ Ships” threat operation has infected more than 1,000 websites and has possibly stolen tens of millions of dollars.

In a twist, more than 1 terabyte of data was stored in the S3 bucket of a previous victim.

QNAP's patches for the SQLi issue come just days after it addressed another zero-day impacting its HBS 3 Hybrid Backup Sync disaster recovery and data backup solution, which was discovered and leveraged by the Viettel Cyber Security team to compromise a TS-464 network-attached storage device during the competition.