Courtroom Recording Platform JAVS Hijacked in Supply Chain Attack
Source: Dark Reading
With more than 10,000 installations across prisons, courts, and governments, impacted Justice AV Solutions users are urged to re-image affected endpoints and reset credentials. A Windows version of the RustDoor installer is spreading via a compromised audiovisual software package hosted and distributed by an audio-visual recording platform used in courtrooms, jails, prisons, council, hearing, and lecture halls across nationwide.
Veeam warns of critical Backup Enterprise Manager auth bypass bug
Source: Bleeping Computer
Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM).
Anyone Can Trick AI Bots Into Spilling Passwords
Source: Data Breach Today
It doesn't take a skilled hacker to glean sensitive information anymore: Cybersecurity researchers found that all you need to trick a chatbot into spilling someone else's passwords is "creativity.”.
Critical Fluent Bit Bug Impacts All Major Cloud Platforms
Source: Infosecurity Magazine
A newly discovered flaw in open source utility Fluent Bit could enable widespread DoS, RCE and information leakage. Security researchers have warned of another critical software supply chain vulnerability – this time affecting a popular logging utility with 13 billion downloads.
CISA Warns of Actively Exploited Apache Flink Security Vulnerability
Source: The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.