'

CISA Issues Emergency Directive For Ivanti Flaws, Warns of ‘Widespread Exploitation’

CISA Issues Emergency Directive For Ivanti Flaws, Warns of ‘Widespread Exploitation’

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday gave federal agencies a hard deadline to implement mitigations for two Ivanti vulnerabilities and warned that it is seeing “widespread exploitation” of the flaws. CISA on Friday ordered federal agencies to download and import “mitigation.release.20240107.1.xml,” via Ivanti’s download portal, into any impacted products “as soon … Read more

Categories duo

Safeguarding AI: The path to trustworthy technology

Safeguarding AI: The path to trustworthy technology

The pace of technology adoption is accelerating. Whereas users once took years to broadly adopt new technologies, now they’re jumping on new trends in a matter of months. Take the evolution of phones, the internet, and social media, for example. It took 16 years for smartphones to be adopted by 100 million users and 7 … Read more

Limiting remote access exposure in hybrid work environments

Limiting remote access exposure in hybrid work environments

Remote work began as a temporary measure during the pandemic but has long been a permanent fixture in our new way of working. Organizations have shifted to remote desktop work environments at an increasing speed since then – simultaneously expanding their attack surface and exposing themselves to greater cybersecurity threats. The remote work revolution has … Read more

North Korea’s ScarCruft APT group targets infosec pros

North Korea’s ScarCruft APT group targets infosec pros

Cybersecurity researchers and threat analysts are high on the list of valuable targets for nation-state advanced persistent threat (APT) actors. Not only can information security personnel provide access to non-public intelligence regarding malware and mitigations, but they can also become attack vectors through which the security firms themselves could become victims. The methods through which … Read more

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

Top Unexpected Ways to Utilise a Password Manager for Enhanced Security and Organisation

Password managers have become integral tools for individuals and businesses alike. They are primarily known for securely saving and managing login credentials so users don’t have to remember them all or write them down, where they could be compromised. However, these digital guardians can offer more than just a secure vault for passwords. In fact, … Read more

Keeper Security Announces Partnership with St. Anna Children’s Cancer Research Institute

Keeper Security Announces Partnership with St. Anna Children’s Cancer Research Institute

Today, password pros Keeper Security have announced a partnership with St. Anna Children’s Cancer Research Institute (St. Anna CCRI), a renowned Austrian healthcare institution based in Vienna. St. Anna CCRI is a renowned paediatric cancer research institute. Keeper will provide the Austrian institute with secure password management to fortify their digital credential security. This achievement … Read more

Patched Apache ActiveMQ bug abused to drop Godzilla web shells

Patched Apache ActiveMQ bug abused to drop Godzilla web shells

A patched critical remote code execution (RCE) vulnerability in Apache ActiveMQ messaging systems is being widely exploited by attackers, according to TrustWave research. The vulnerability, tracked as CVE-2023-46604, is used by attackers to insert and run malicious Java Server Pages (JSP) web shells, derived from open source Godzilla web shell, on the affected Apache ActiveMQ hosts. … Read more

China remains the biggest threat, according to the defense security community

China remains the biggest threat, according to the defense security community

In mid-December, the United States Defense Intelligence Agency (DIA) hosted its annual Department of Defense Intelligence Information System Worldwide conference, known as DoDIIS. The event brought together various Department of Defense (DoD) and DIA department heads, leaders from within the intelligence community, leaders from the Five Eyes (FVEY) community comprised of Australia, Canada, New Zealand, … Read more

Russia-based group hacked emails of Microsoft’s senior leadership

Russia-based group hacked emails of Microsoft’s senior leadership

A Russia-based group, Midnight Blizzard, also known as Nobelium, has hacked Microsoft’s employee emails, including those of senior staff, Microsoft revealed in a recent blog post. “Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the … Read more

Top 4 LLM threats to the enterprise

Top 4 LLM threats to the enterprise

As CISO for the Vancouver Clinic, Michael Bray gushes about the infinite ways large language models (LLMs) will improve patient care. “DNA-based predictive studies, metabolic interactions, lab services, diagnostics and other medicine will be so advanced that today’s medical practices will look prehistoric,” he says. “For example, applications like ActX are already making a huge … Read more