A critical flaw affects Fortinet FortiOS and FortiProxy, patch it now!

Fortinet addressed a critical heap buffer underflow vulnerability affecting FortiOS and FortiProxy, which can lead to arbitrary code execution. Fortinet addressed a critical buffer underwrite (‘buffer underflow’) vulnerability, tracked as CVE-2023-25610 (CVSS v3 9.3), that resides in the administrative interface in FortiOS and FortiProxy. A remote, unauthenticated attacker can exploit the vulnerability to execute arbitrary […]

The post A critical flaw affects Fortinet FortiOS and FortiProxy, patch it now! appeared first on Security Affairs.

BlackLotus UEFI bootkit Can Bypass Secure Boot on Windows

By Deeba Ahmed
Security firm ESET’s cybersecurity researchers have shared their analysis of the world’s first UEFI bootkit being used in…
This is a post from HackRead.com Read the original post: BlackLotus UEFI bootkit Can Bypass Secu…

Veeam warns to install patches to fix a bug in its Backup & Replication product

Veeam addressed a high-severity vulnerability in the Backup Service that impacts Backup & Replication software. Veeam addressed a high-severity vulnerability in the Backup Service, tracked as CVE-2023-27532 (CVSS v3 score: 7.5), that impacts all versions of Backup & Replication software versions. “Vulnerability CVE-2023-27532 in Veeam Backup & Replication component allows to obtain encrypted credentials stored in the […]

The post Veeam warns to install patches to fix a bug in its Backup & Replication product appeared first on Security Affairs.

Phishing Attack Uses UAC Bypass to Drop Remcos RAT Malware

By Deeba Ahmed
Currently, scammers are using DBatLoader malware loader to distribute Remcos RAT to businesses and institutions across Eastern Europe.
This is a post from HackRead.com Read the original post: Phishing Attack Uses UAC Bypass to Drop Remc…

CISA adds three new bugs to Known Exploited Vulnerabilities Catalog

US CISA added actively exploited flaws in Teclib GLPI, Apache Spark, and Zoho ManageEngine ADSelfService Plus to its Known Exploited Vulnerabilities Catalog. US CISA added the following actively exploited flaws to its Known Exploited Vulnerabilities Catalog: The CVE-2022-35914 flaw is a PHP code injection vulnerability that resides in the /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI […]

The post CISA adds three new bugs to Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.

Hacker Leaks 73M Records from Indian HDFC Bank Subsidiary

By Waqas
While HDFC Bank has denied any data breach, its subsidiary, HDB Financial Services, has confirmed there was a cybersecurity-related incident which is being investigated.
This is a post from HackRead.com Read the original post: Hacker Leaks 73M…

Risk management policy

SUMMARY Risk management involves the practice of addressing and handling threats to the organization in the form of cybersecurity attacks and compromised or lost data. The process of establishing appropriate risk management guidelines is critical to en…