Active exploitation of vulnerability affecting Ivanti Connect Secure 

Ivanti has published a security advisory detailing two stack-based buffer overflows vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA Gateways. 

Source: https://www.ncsc.gov.uk/news/active-exploitation-ivanti-vulnerability  

T-Mobile Sued Over Massive Data Breach Impacting Over 2 Million Users 

Washington State Attorney General Bob Ferguson has filed a consumer protection lawsuit against T-Mobile, accusing the telecommunications giant of failing to adequately secure sensitive personal information, which led to a massive data breach affecting more than 2 million residents of Washington. 

Source: https://cybersecuritynews.com/t-mobile-sued/   

UN aviation agency confirms recruitment database security breach 

The United Nations’ International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database. 

Source: https://www.bleepingcomputer.com/news/security/un-aviation-agency-confirms-recruitment-database-security-breach/  

Casio says data of 8,500 people exposed in October ransomware attack 

Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. 

Source: https://www.bleepingcomputer.com/news/security/casio-says-data-of-8-500-people-exposed-in-october-ransomware-attack/  

Telegram hands over data on thousands of users to US law enforcement 

Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement. 

Source: https://www.bleepingcomputer.com/news/legal/telegram-hands-over-data-on-thousands-of-users-to-us-law-enforcement/  

Thousands of credit cards stolen in Green Bay Packers store breach 

American football team Green Bay Packers says cybercriminals stole the credit card data of over 8,500 customers after hacking its official Pro Shop online retail store in a September breach. 

Source: https://www.bleepingcomputer.com/news/security/thousands-of-credit-cards-stolen-in-green-bay-packers-store-breach/  

Palo Alto Networks Expedition Tool Vulnerability Exposes Firewall Credentials 

Multiple vulnerabilities in Palo Alto Networks’ Expedition migration tool have been discovered, potentially exposing sensitive firewall credentials, including usernames, cleartext passwords, device configurations, and API keys. 

Source: https://cybersecuritynews.com/palo-alto-networks-expedition-tool-vulnerability/  

CISA Warns of Three Vulnerabilities Actively Exploited in Attacks 

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding three critical vulnerabilities that are currently being exploited in the wild. 

Source: https://cybersecuritynews.com/mitel-micollab-oracle-vulnerabilities/  

Dell Update Package Framework Vulnerability Let Attackers Escalate Privileges 

A critical security vulnerability has been identified in Dell’s Update Package (DUP) Framework, potentially exposing systems to privilege escalation and denial-of-service attacks. 

Source: https://cybersecuritynews.com/dell-update-vulnerability/  

IBM Concert Software Vulnerabilities Let Attackers steal Sensitive Data 

IBM Concert Software has been found vulnerable to multiple security flaws that could allow attackers to trigger denial-of-service (DoS) conditions, expose sensitive information, and compromise system integrity. 

Source: https://cybersecuritynews.com/ibm-concert-software-dos-vulnerabilities/  

  

Smarttech247