duo
U.S. Cracks Down on Spyware With Visa Restriction Policy
Under a new U.S. policy, the State Department will be able to impose visa restrictions on individuals who are involved with the misuse of commercial spyware. The policy, which is issued under the Immigration and Nationality Act, is only the latest effort by the U.S. government to curb the sale and usage of spyware tools. … Read more
CISA: Federal Agencies Must Disconnect Vulnerable Ivanti Appliances
CISA on Wednesday told federal agencies to temporarily disconnect all instances of Ivanti Connect Secure and Policy Secure appliances from agency networks within 48 hours, as Ivanti continues to grapple with two widely exploited vulnerabilities in these products. The new guidance comes less than two weeks after CISA issued an emergency directive giving federal agencies … Read more
Executives Navigate Operational Technology Security Challenges
As threat actors continue to target manufacturing plants and utilities, boards of directors and executives are beginning to better understand the value of better securing the operational technology (OT) that underpins this critical infrastructure. The days when OT and IT environments were completely separate are long gone, but questions about securing traditional IT infrastructure have … Read more
White House Implements AI Safety Reporting Mandate
The White House said it has made headway on several pieces of its AI executive order, including a key component requiring developers of the “most powerful AI systems” to report “vital information” related to cybersecurity measures, training plans and more. On Monday, the White House AI Council is convening to discuss these updates from the … Read more
‘Radical Transparency’ Needed For Tackling Identity Challenges
Sophisticated attackers are regularly relying on identity-centric tactics to target enterprises, but the cybersecurity industry can’t effectively tackle this challenge without first better understanding where different organizations are – and where they are headed – in the process of implementing measures that can help verify the identities of privileged users, said Eric Goldstein, executive assistant … Read more
HPE Discloses Hack by Russian Nation-State Actor
Hewlett Packard Enterprise said that a suspected Russian nation-state actor, APT29, was able to gain unauthorized access to its email environment, days after Microsoft said the same group was able to access the corporate email accounts of its senior leadership team. In a Form 8-K filed with the U.S. Securities and Exchange Commission (SEC) on … Read more
Exploit Code Released For Fortra GoAnywhere MFT Flaw
Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) software. Fortra on Monday publicly disclosed the vulnerability in an advisory, but the patch was made available to customers earlier on Dec. 7. The flaw (CVE-2024-0204) could enable remote, unauthenticated attackers to bypass authentication in order … Read more
SEC: SIM Swapping Attack Led to Twitter Account Compromise
Two weeks after its Twitter account was compromised, the SEC has confirmed that the threat actors behind the hack were likely able to obtain control of the cell phone number associated with the SEC account through a SIM swapping attack. Attackers use SIM swapping to transfer phone numbers to another device without authorization, allowing them … Read more
Apple Patches WebKit Zero Day, Adds Stolen Device Protection in iOS
Apple has released updates for iOS, Safari, and macOS to address a vulnerability in WebKit that has been actively exploited in the wild, and has also added a new security feature in iOS that can prevent access or changes to some sensitive data and features on iPhones if they’re lost or stolen. The WebKit bug … Read more