Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035

Proof-of-concept exploit code for critical Ivanti Sentry authentication bypass flaw CVE-2023-38035 has been released. Researchers released a proof-of-concept (PoC) exploit code for critical Ivanti Sentry authentication bypass vulnerability CVE-2023-38035 (CVSS score 9.8). This week the software company Ivanti released urgent security patches to address the critical-severity vulnerability CVE-2023-38035 impacting the Ivanti Sentry (formerly MobileIron Sentry) product. … Read more

Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider

The North Korea-linked Lazarus group exploits a critical flaw in Zoho ManageEngine ServiceDesk Plus to deliver the QuiteRAT malware. The North Korea-linked APT group Lazarus has been exploiting a critical vulnerability, tracked as CVE-2022-47966, in Zoho’s ManageEngine ServiceDesk in attacks aimed at the Internet backbone infrastructure provider and healthcare organizations. The state-sponsored hackers targeted entities … Read more

NIST publishes draft post-quantum cryptography standards, calls for industry feedback

The US National Institute of Standards and Technology (NIST) has published draft post-quantum cryptography (PQC) standards that are designed as a global framework to help organizations protect themselves from future quantum-enabled cyberattacks. The standards were selected by NIST following a seven-year process which began when the agency issued a public call for submissions to the … Read more

The delta between perception and preparedness

As ransomware flourishes and attackers’ techniques get more sophisticated, organizations of all sizes and industries are targets. For this reason, security leaders must immediately invest in the appropriate technologies, people and processes to avoid a ransomware attack in the future. Yet, when it comes to ransomware protection, there’s a delta between perception and preparedness. In … Read more

Webshells: Why an old tactic is still relevant

The threat landscape is constantly evolving, but often, it’s the same old tricks that pay off. In the past several months, we’ve been seeing a preponderance of webshell attacks. In fact, a good portion of the attacks my research team has seen this year has had some kind of shell component to it. Why is … Read more

ImmuniWeb releases Mobile Neuron to scan for OWASP Mobile Top 10 vulnerabilities, iOS/Android weaknesses

Application security vendor ImmuniWeb has announced the release of Neuron Mobile, a mobile application security testing solution designed to scan for OWASP Mobile Top 10 vulnerabilities and weaknesses in iOS and Android apps. Neuron Mobile is an entirely automated solution that features dynamic and static application security testing (DAST/SAST) as well as software composition analysis … Read more

Star your favorite websites in the dashboard

We’re excited to introduce starring, a new dashboard feature built to speed up your workflow. You can now “star” up to 10 of the websites and applications you have on Cloudflare for quicker access. Star your websites or applications for more efficiency We have heard from many of our users, particularly ones with tens to … Read more

Trulioo enhances identity verification with “person match” intelligent routing

Identity verification platform Trulioo has announced new Workflow Studio capabilities to accelerate global person matching through personally identifiable information (PII) and identity documents. The platform streamlines the verification of good users through intelligent transaction routing that improves match rates and helps businesses accelerate customer onboarding, according to the firm. Effective identity verification/authentication remains one of … Read more

Specialized third-party solutions prove effective against malicious bots, ATO attacks, script risks

Specialized third-party solutions are proving notably effective in helping businesses tackle malicious bots, account takeover (ATO) attacks, and third-party script threats. That’s according to a new survey of IT and security professionals by security vendor Akamai in collaboration with Foundry (CSO is a Foundry brand). The pair surveyed more than 300 global IT and security … Read more

Cyber Mindfulness Corner Company Spotlight: Egress

At the IT Security Guru we’re showcasing organisations that are passionate about making cybersecurity a healthier, more mindful industry. This week, Jack Chapman, VP of Threat Intelligence at Egress, spoke to the Gurus about the human side of phishing, leading by example, and eradicating blame culture. When it comes to mental health and wellbeing support, … Read more

Lapsus$ member has been convicted of having hacked multiple high-profile companies

An 18-year-old member of the Lapsus$ gang has been convicted of having helped hack multiple high-profile companies. A teenage member of the Lapsus$ data extortion group, Arion Kurtaj (18), was convicted by a London jury of having hacked multiple high-profile companies, including Uber, Revolut, and blackmailed the developers of the gaming firm Rockstar Games. Since September … Read more