Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Social engineer reveals effective tricks for real-world intrusions In this …
Akira ransomware attackers are wiping NAS and tape backups
“The Akira ransomware malware, which was first detected in Finland in June 2023, has been particularly active at the end of the year,” the Finnish National …
Critical GitLab flaw allows account takeover without user interaction, patch quickly! (CVE-2023-7028)
A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. While also vulnerable, users who have …
Cloud security predictions for 2024
As we reflect on the cybersecurity landscape and the trajectories of threat vectors, it’s evident that we’re on the cusp of a paradigm shift in cloud security. …
New infosec products of the week: January 12, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Critical Start, Dasera, ID R&D, and SpecterOps. SpecterOps adds new Attack …
LLM hype fades as enterprises embrace targeted AI models
2023 was the year of AI enterprise adoption, with 55% of organizations adopting AI into their workflows, according to a recent report from McKinsey & Co. This adoption …
Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272)
Cisco has fixed a critical vulnerability (CVE-2024-20272) in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root …
Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)
Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers …
Purple teaming and the role of threat categorization
Organizations constantly work to ensure optimal threat detection and prevention across their systems. One question gets asked repeatedly: “Can we detect the threats we’re …
APIs are increasingly becoming attractive targets
APIs, a technology that underpins today’s most used sites and apps, are being leveraged by businesses more than ever—ultimately opening the door to more online threats than …
Hackers are targeting exposed MS SQL servers with Mimic ransomware
Hackers are brute-forcing exposed MS SQL database servers to deliver Mimic ransomware, Securonix researchers are warning. About Mimic ransomware Mimic ransomware was first …
SEC’s X account hacked to post fake news of Bitcoin ETF approval
Someone has hijacked the X (formerly Twitter) account of the US Securities and Exchange Commission (SEC), and posted an announcement saying the agency has decided to allow the …
Featured news
Resources
Don't miss
- What it really takes to build a resilient cyber program
- How cybercriminals exploit psychological triggers in social engineering attacks
- Key tips to stay safe from deepfake and AI threats
- UK retailers under cyber attack: Co-op member data compromised
- How CISOs can talk cybersecurity so it makes sense to executives