Microsoft Copilot for Security provides immediate impact for the Microsoft Defender Experts team

Microsoft Copilot for Security provides immediate impact for the Microsoft Defender Experts team

Organizations everywhere are on a lightning-fast learning trajectory to understand the potential of generative AI and its implications for their security, their workforce, and the industry at large. AI is quickly becoming a force multiplier—presenting significant opportunities for security teams to increase productivity, save time, upskill resources, and more. News and information about “the age … Read more

Microsoft Entra Verified ID introduces Face Check in preview

Microsoft Entra Verified ID introduces Face Check in preview

Today, I’m thrilled to announce the expansion of Microsoft Entra Verified ID to include Face Check—a privacy-respecting facial matching feature for high-assurance verifications, which is now in preview. Watch the video to learn more and read on for how you can get started today. Try Face Check for yourself. Verified ID: Verify once, use everywhere In … Read more

Cisco patches serious flaws in Expressway and ClamAV

Cisco patches serious flaws in Expressway and ClamAV

Cisco has fixed three serious cross-site request forgery (CSRF) vulnerabilities in its Expressway Series collaboration gateway and a denial-of-service (DoS) flaw in the ClamAV anti-malware engine. CSRF flaws allow unauthenticated attackers to perform arbitrary actions on vulnerable devices by tricking users to click on a specifically crafted link. The actions execute with the privilege of … Read more

Ivanti Discloses New Flaw in Policy Secure, Connect Secure VPN

Ivanti Discloses New Flaw in Policy Secure, Connect Secure VPN

A new vulnerability has been disclosed in certain versions of Ivanti’s Connect Secure VPN and Ivanti Policy Secure appliances. This latest flaw (CVE-2024-22024), described by Ivanti as an XML external entity or XXE flaw, stems from the SAML component of Connect Secure, Ivanti Policy Secure and ZTA gateways. If exploited, the flaw could enable an … Read more

Categories duo

Fortinet Warns of Zero Day in FortiOS

Fortinet Warns of Zero Day in FortiOS

Fortinet has released fixes for a critical remote code execution vulnerability in many versions of its FortiOS software that may be under active attack at the moment. The vulnerability (CVE-2024-21762) is an out-of-bounds write in the sslvpnd component of the software, and it affects FortiOS 6.0, 6.2, 6.4, 7.0, 7.2, and 7.4. Fortinet released an … Read more

Categories duo

Juniper Support Portal Exposed Customer Device Info

Juniper Support Portal Exposed Customer Device Info

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from … Read more

Q&A: Gary McGraw

Q&A: Gary McGraw

Gary McGraw, CEO of the Berryville Institute of Machine Learning, recently joined Dennis Fisher on the Decipher podcast to discuss his team’s new architectural risk analysis of black box LLM models and the need for regulation in the AI market. This is a condensed and edited transcript of that discussion. Dennis Fisher: For people that … Read more

Categories duo

Own Company Unveils New Channel Partner Program

Own Company Unveils New Channel Partner Program

Own Company, a leading SaaS data platform, today announced the launch of a global Channel Partner Program aimed at empowering resellers and system integrators to proactively prevent their customers from losing mission-critical data and metadata. With automated backups and rapid, stress-free recovery, Own partners will be equipped with the essential resources, skills, and support necessary … Read more

Fortinet urges patching N-day bug amid ongoing nation-state exploitation

Fortinet urges patching N-day bug amid ongoing nation-state exploitation

Fortinet has advised users to immediately patch an N-day vulnerability in its systems being potentially exploited in the wild to carry out remote code execution (RCE) attacks. Tracked as CVE-2024-21762, the flaw has a “critical” severity rating with a CVSS score of 9.6 and allows a remote unauthenticated actor to execute arbitrary commands by specially crafted HTTP … Read more

Quantum computing: The data security conundrum

Quantum computing: The data security conundrum

One of the biggest challenges of digital technology today is around security systems and data. In response to this, sophisticated algorithms have been designed to encrypt data and protect it through frameworks known as symmetric cryptography. While this has proven successful, advancements in quantum computing – which utilises quantum mechanics to solve complex problems faster … Read more

CISA takes on US state election security issues, deploys inspectors

CISA takes on US state election security issues, deploys inspectors

The US Cybersecurity and Infrastructure Security Agency is deploying additional election inspectors ahead of this year’s national elections, strengthening a team dedicated to combating electoral interference from a range of bad actors. The new inspectors bring “extensive experience” in monitoring the administration and security of US elections, according to CISA Senior Advisor Cait Conley, who … Read more

Verizon Breach – Malicious Insider or Innocuous Click?

Verizon Breach – Malicious Insider or Innocuous Click?

A household name among American media companies, Verizon Communications on Wednesday began notifying employees that an insider may have gained access to their data. According to the breach notice to the Maine Attorney General, an unauthorized employee opened a file containing sensitive data of 63,206 other employees.  While customers are not believed to have been … Read more

jsplaces