Fortinet Warns of Zero Day in FortiOS

Fortinet has released fixes for a critical remote code execution vulnerability in many versions of its FortiOS software that may be under active attack at the moment. The vulnerability (CVE-2024-21762) is an out-of-bounds write in the sslvpnd component of the software, and it affects FortiOS 6.0, 6.2, 6.4, 7.0, 7.2, and 7.4. Fortinet released an …

Q&A: Gary McGraw

Gary McGraw, CEO of the Berryville Institute of Machine Learning, recently joined Dennis Fisher on the Decipher podcast to discuss his team’s new architectural risk analysis of black box LLM models and the need for regulation in the AI market. This is a condensed and edited transcript of that discussion. Dennis Fisher: For people that …

Ransomware Payments Hit $1.1B Record in 2023

In 2023, organizations saw a “major escalation” in the frequency, scope and volume of ransomware attacks, highlighting challenges in efforts by enterprise security teams and the U.S. government to curb the threat of ransomware overall. A portion of a report released by Chainalysis on Wednesday recorded $1.1 billion in ransomware payments in 2023, a significant …

Experts Urge Tighter Focus on Critical Infrastructure Security

As government-backed adversaries continue to shift some of their energy and capabilities to attacks on critical infrastructure, experts say a tighter focus on some basic yet effective security controls, along with increased strategic leadership from federal agencies, could help turn the tide in defenders’ favor. Recent attack campaigns that have targeted critical infrastructure operators in …

U.S. Cracks Down on Spyware With Visa Restriction Policy

Under a new U.S. policy, the State Department will be able to impose visa restrictions on individuals that are involved with the misuse of commercial spyware. The policy, which is issued under the Immigration and National Act, is only the latest effort by the U.S. government to curb the sale and usage of spyware tools. …

CISA: Federal Agencies Must Disconnect Vulnerable Ivanti Appliances

CISA on Wednesday told federal agencies to temporarily disconnect all instances of Ivanti Connect Secure and Policy Secure appliances from agency networks within 48 hours, as Ivanti continues to grapple with two widely exploited vulnerabilities in these products. The new guidance comes less than two weeks after CISA issued an emergency directive giving federal agencies …

Executives Navigate Operational Technology Security Challenges

As threat actors continue to target manufacturing plants and utilities, boards of directors and executives are beginning to better understand the value of better securing the operational technology (OT) that underpins this critical infrastructure. The days where OT and IT environments were completely separate are long gone, but questions about securing traditional IT infrastructure have …

White House Implements AI Safety Reporting Mandate

The White House said it has made headway on several pieces of its AI executive order, including a key component requiring developers of the “most powerful AI systems” to report “vital information” related to cybersecurity measures, training plans and more. On Monday, the White House AI Council is convening to discuss these updates from the …

‘Radical Transparency’ Needed For Tackling Identity Challenges

Sophisticated attackers are regularly relying on identity-centric tactics to target enterprises, but the cybersecurity industry can’t effectively tackle this challenge without first better understanding where different organizations are – and where they are headed – in the process of implementing measures that can help verify the identities of privileged users, said Eric Goldstein, executive assistant …
