Summary

Total Articles Found: 23

Top Articles:

  • Traeger security bugs bad news for grillers with neighborly beef
  • Using 1Password on Mac? Patch up if you don’t want your Vaults raided
  • Equifax scores £11.1M slap on wrist over 2017 mega breach
  • Ivanti discloses fifth vulnerability, doesn't credit researchers who found it
  • 1Password confirms attacker tried to pull list of admin users after Okta intrusion
  • Advance Auto Parts: 2.3M people's data accessed when crims broke into our Snowflake account
  • Ex-GCHQ software dev jailed for stabbing NSA staffer
  • Sweden's 'Doomsday Prep for Dummies' guide hits mailboxes today
  • Critical Fluent Bit bug affects all major cloud providers, say researchers
  • Critical vulnerability in Mastodon is pounced upon by fast-acting admins

Traeger security bugs bad news for grillers with neighborly beef

Published: 2024-07-03 16:24:09

Popularity: 64

Author: Connor Jones

🤖: "Burned neighbors"

Never risk it when it comes to brisket – make sure those updates are applied

Keen meatheads better hope they haven't angered any cybersecurity folk before allowing their Traeger grills to update because a new high-severity vulnerability could be used for all kinds of high jinks.…

Ivanti discloses fifth vulnerability, doesn't credit researchers who found it

Published: 2024-02-09 21:30:14

Popularity: 27

Author: Connor Jones

Software company's claim of there being no active exploits also being questioned

In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it.…

Critical vulnerability in Mastodon is pounced upon by fast-acting admins

Published: 2024-02-02 18:32:09

Popularity: 16

Author: Connor Jones

Danger of remote account takeovers leaves lead devs scared of releasing many details

Mastodon has called admins to action following the disclosure of a critical vulnerability affecting the decentralized social network favored by erstwhile Twitter lovers.…

Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released

Published: 2024-01-30 17:45:15

Popularity: 9

Author: Connor Jones

Multiple publicly available exploits have since been published for the critical flaw

The number of public-facing installs of Jenkins servers vulnerable to a recently disclosed critical vulnerability is in the tens of thousands.…

SSH shaken, not stirred by Terrapin vulnerability

Published: 2023-12-20 08:34:11

Popularity: 12

Author: Connor Jones

No need to panic, but grab those updates or mitigations anyway just to be safe

A vulnerability in the SSH protocol can be exploited by a well-placed adversary to weaken the security of people's connections, if conditions are right.…

Four in five Apache Struts 2 downloads are for versions featuring critical flaw

Published: 2023-12-21 14:13:13

Popularity: 16

Author: Connor Jones

Seriously, people - please check the stuff you fetch more carefully

Security vendor Sonatype believes developers are failing to address the critical remote code execution (RCE) vulnerability in the Apache Struts 2 framework, based on recent downloads of the code.…

BreachForums boss busted for bond blunders – including using a VPN

Published: 2024-01-05 14:35:12

Popularity: 10

Author: Connor Jones

Fitzpatrick faces potentially decades in prison later this month, so may as well get some foreign Netflix in beforehand

The cybercriminal behind BreachForums was this week arrested for violating the terms of his pretrial release and will now be held in custody until his sentencing hearing.…

Ex-GCHQ software dev jailed for stabbing NSA staffer

Published: 2023-11-03 19:02:51

Popularity: 18

Author: Connor Jones

Terrorist ideology suspected to be motivation

A former software developer for Britain's cyberspy agency is facing years in the slammer after being sentenced for stabbing a National Security Agency (NSA) official multiple times.…

Ex-Navy IT manager gets 5 years in slammer for 2018 database heist

Published: 2023-10-19 14:01:08

Popularity: 14

Author: Connor Jones

Seafaring cybercrim's wife faces similar sentence next month

A former IT manager for the US Navy is facing a five-and-a-half year prison sentence for selling thousands of people's personal records on the dark web.…

1Password confirms attacker tried to pull list of admin users after Okta intrusion

Published: 2023-10-24 15:15:23

Popularity: 27

Author: Connor Jones

Says logins are safe, as high-profile customers complain they knew about the breach before Okta

1Password is confirming it was attacked by cyber criminals after Okta was breached for the second time in as many years, but says customers' login details are safe.…

Equifax scores £11.1M slap on wrist over 2017 mega breach

Published: 2023-10-13 12:46:38

Popularity: 28

Author: Connor Jones

Not quite a pound for every one of the 13.8 million affected UK citizens, and it could have been more

The UK's Financial Conduct Authority (FCA) has fined Equifax a smidge over £11 million ($13.6 million) for severe failings that put millions of consumers at risk of financial crime.…

Management company settles for $18.4M after nuclear weapons plant staff fudged their timesheets

Published: 2024-04-24 15:00:09

Popularity: 9

Author: Connor Jones

The firm 'fessed up to staff misconduct and avoided criminal liability

A company contracted to manage an Amarillo, Texas nuclear weapons facility has to pay US government $18.4 million in a settlement over allegations that its atomic technicians fudged their timesheets to collect more money from Uncle Sam.…

Critical Fluent Bit bug affects all major cloud providers, say researchers

Published: 2024-05-21 17:45:15

Popularity: 17

Author: Connor Jones

Crashes galore, plus especially crafty crims could use it for much worse

Infosec researchers are alerting the industry to a critical vulnerability in Fluent Bit – a logging component used by a swathe of blue chip companies and all three major cloud providers.…

Suspected supply chain attack backdoors courtroom recording software

Published: 2024-05-24 20:29:11

Popularity: 10

Author: Connor Jones

🤖: "Backdoored audio"

An open and shut case, but the perps remain at large – whoever they are

Justice is served… or should that be saved now that audio-visual software deployed in more than 10,000 courtrooms is once again secure after researchers uncovered evidence that it had been backdoored for weeks.…

Using 1Password on Mac? Patch up if you don’t want your Vaults raided

Published: 2024-08-08 13:45:09

Popularity: 43

Author: Connor Jones

🤖: "Vaults getting hacked"

Hundreds of thousands of users potentially vulnerable

Password manager 1Password is warning that all Mac users running versions before 8.10.36 are vulnerable to a bug that allows attackers to steal vault items.…

Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing

Published: 2024-09-12 18:29:06

Popularity: 6

Author: Connor Jones

🤖: "oops did it again"

SaaS seller sets severity to 'critical'

Adobe's patch for a remote code execution (RCE) bug in Acrobat this week doesn't mention that the vulnerability is considered a zero-day nor that a proof-of-concept (PoC) exploit exists, a researcher warns.…

Snowflake slams 'more MFA' button again – months after Ticketmaster, Santander breaches

Published: 2024-09-16 16:45:10

Popularity: 10

Author: Connor Jones

🤖: "Who needs MFA?"

Now it's the default for all new accounts

Snowflake continues to push forward in strengthening its users' cybersecurity posture by making multi-factor authentication the default for all new accounts.…

Cops across the world arrest 51 in orchestrated takedown of Ghost crime platform

Published: 2024-09-18 12:16:40

Popularity: 8

Author: Connor Jones

🤖: "Ghost busted"

Italian mafia mobsters and Irish crime families scuppered by international cops

Hours after confirming they had pwned the supposedly uncrackable encrypted messaging platform used for all manner of organized crime, Ghost, cops have now named the suspect they cuffed last night, who is charged with being the alleged mastermind.…

Necro malware continues to haunt side-loaders of dodgy Android mods

Published: 2024-09-23 21:30:10

Popularity: 12

Author: Connor Jones

🤖: "Zombie app 😈"

11M devices exposed to trojan, Kaspersky says

Updated The Necro trojan is once again making a move against Android users, with up to eleven million individuals thought to be exposed to infected apps.…

Why the long name? Okta discloses auth bypass bug affecting 52-character usernames

Published: 2024-11-04 11:28:07

Popularity: 14

Author: Connor Jones

🤖: "Long username fail"

Mondays are for checking months of logs, apparently, if MFA's not enabled

In potentially bad news for those with long names and/or employers with verbose domain names, Okta spotted a security hole that could have allowed crims to pass Okta AD/LDAP Delegated Authentication (DelAuth) using only a username.…

Sweden's 'Doomsday Prep for Dummies' guide hits mailboxes today

Published: 2024-11-18 16:03:15

Popularity: 18

Author: Connor Jones

🤖: "Nuclear panic"

First in six years is nearly three times the size of the older, pre-NATO version

Residents of Sweden are to receive a handy new guide this week that details how to prepare for various types of crisis situations or wartime should geopolitical events threaten the country.…

Snowflake lets admins make MFA mandatory across all user accounts

Published: 2024-07-10 16:45:14

Popularity: 11

Author: Connor Jones

🤖: "Two-factor tyranny"

Company announces intent following Ticketmaster, Santander break-ins

A month after incident response giant Mandiant suggested the litany of data thefts linked to Snowflake account intrusions had the common component of lacking multi-factor authentication (MFA) controls, the cloud storage and data analytics company is offering a mandatory MFA option to admins.…

Advance Auto Parts: 2.3M people's data accessed when crims broke into our Snowflake account

Published: 2024-07-11 13:15:07

Popularity: 25

Author: Connor Jones

🤖: "Data breach alert"

Letters from CISO Ethan Steiger suggest the data related to job applications

Advance Auto Parts' CISO just revealed for the first time the number of individuals affected when criminals broke into its Snowflake instance – a hefty 2.3 million.…