
F5 fixes critical BIG-IP vulnerability, PoC is public (CVE-2023-46747)
F5 Networks has released hotfixes for two vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass …

White House issues Executive Order for safe, secure, and trustworthy AI
President Biden issued a landmark Executive Order to ensure that America leads the way in seizing the promise and managing the risks of artificial intelligence (AI). New …

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)
CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by …

Logging Made Easy: Free log management solution from CISA
CISA launched a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. …

Google expands bug bounty program to cover AI-related threats
Google has expanded its bug bounty program, aka Vulnerability Rewards Program (VRP), to cover threats that could arise from Google’s generative AI systems. …

The dangers of dual ransomware attacks
At some point in the movie “Groundhog Day,” Phil Connors breaks his bedside radio when he is woken up (yet again) by the song “I Got You Babe”. This déjà vu seems to await …

AI threat landscape: Model theft and inference attacks emerge as top concerns
Generative AI has emerged as a powerful tool, heralded for its potential but also scrutinized for its implications. Enterprises will invest nearly $16 billion worldwide on …

Companies scramble to integrate immediate recovery into ransomware plans
More than one-third of companies still do not have a well-rounded, holistic ransomware strategy in place, according to Zerto. Immediate recovery crucial for businesses’ …

Cyberattacks cause revenue losses in 42% of small businesses
85% of small business leaders say they are ready to respond to a cyber incident despite a record-high 73% reporting an attack in 2023, according to Identity Theft Resource …

Week in review: VMware patches critical vulnerability, 1Password affected by Okta breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: GOAD: Vulnerable Active Directory environment for practicing attack …

Apple news: iLeakage attack, MAC address leakage bug
On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. This time around, the updates did not garner as …

Raven: Open-source CI/CD pipeline security scanner
Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across …