'

U.S. Cracks Down on Spyware With Visa Restriction Policy

U.S. Cracks Down on Spyware With Visa Restriction Policy

Under a new U.S. policy, the State Department will be able to impose visa restrictions on individuals that are involved with the misuse of commercial spyware. The policy, which is issued under the Immigration and National Act, is only the latest effort by the U.S. government to curb the sale and usage of spyware tools. … Read more

Categories duo

CISA: Federal Agencies Must Disconnect Vulnerable Ivanti Appliances

CISA: Federal Agencies Must Disconnect Vulnerable Ivanti Appliances

CISA on Wednesday told federal agencies to temporarily disconnect all instances of Ivanti Connect Secure and Policy Secure appliances from agency networks within 48 hours, as Ivanti continues to grapple with two widely exploited vulnerabilities in these products. The new guidance comes less than two weeks after CISA issued an emergency directive giving federal agencies … Read more

Categories duo

Executives Navigate Operational Technology Security Challenges

Executives Navigate Operational Technology Security Challenges

As threat actors continue to target manufacturing plants and utilities, boards of directors and executives are beginning to better understand the value of better securing the operational technology (OT) that underpins this critical infrastructure. The days where OT and IT environments were completely separate are long gone, but questions about securing traditional IT infrastructure have … Read more

Categories duo

White House Implements AI Safety Reporting Mandate

White House Implements AI Safety Reporting Mandate

The White House said it has made headway on several pieces of its AI executive order, including a key component requiring developers of the “most powerful AI systems” to report “vital information” related to cybersecurity measures, training plans and more. On Monday, the White House AI Council is convening to discuss these updates from the … Read more

Categories duo

‘Radical Transparency’ Needed For Tackling Identity Challenges

‘Radical Transparency’ Needed For Tackling Identity Challenges

Sophisticated attackers are regularly relying on identity-centric tactics to target enterprises, but the cybersecurity industry can’t effectively tackle this challenge without first better understanding where different organizations are – and where they are headed – in the process of implementing measures that can help verify the identities of privileged users, said Eric Goldstein, executive assistant … Read more

Categories duo

HPE Discloses Hack by Russian Nation-State Actor

HPE Discloses Hack by Russian Nation-State Actor

Hewlett Packard Enterprise said that a suspected Russian nation-state actor, APT29, was able to gain unauthorized access to its email environment, days after Microsoft said the same group was able to access the corporate email accounts of its senior leadership team. In a Form 8-K filed with the U.S. Securities and Exchange Commission (SEC) on … Read more

Categories duo

Exploit Code Released For Fortra GoAnywhere MFT Flaw

Exploit Code Released For Fortra GoAnywhere MFT Flaw

Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) software. Fortra on Monday publicly disclosed the vulnerability in an advisory, but the patch was made available to customers earlier on Dec. 7. The flaw (CVE-2024-0204) could enable remote, unauthenticated attackers to bypass authentication in order … Read more

Categories duo

SEC: SIM Swapping Attack Led to Twitter Account Compromise

SEC: SIM Swapping Attack Led to Twitter Account Compromise

Two weeks after its Twitter account was compromised, the SEC has confirmed that the threat actors behind the hack were likely able to obtain control of the cell phone number associated with the SEC account through a SIM swapping attack. Attackers use SIM swapping to transfer phone numbers to another device without authorization, allowing them … Read more

Categories duo