IT teams unable to deliver data fast enough to match the speed of business
Increasing data requests overwhelm IT teams, but security concerns hinder their ability to provide employees with access to timely data, according to CData Software. The …
Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)
Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that …
1,700 Ivanti VPN devices compromised. Are yours among them?
Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional …
3 ways to combat rising OAuth SaaS attacks
OAuth attacks are on the rise. In December, the Microsoft Threat Intelligence team observed threat actors misusing OAuth apps to take over a cloud server and mine …
10 cybersecurity frameworks you need to know about
As cyber threats grow more sophisticated, understanding and implementing robust cybersecurity frameworks is crucial for organizations of all sizes. This article lists the most …
Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations
Tsurugi Linux is a heavily customized open-source distribution focused on supporting DFIR investigations. The project focuses mainly on live forensics analysis, post-mortem …
Geopolitical tensions combined with technology will drive new security risks
Misinformation and disinformation are biggest short-term risks, while extreme weather and critical change to Earth systems are greatest long-term concern, according to the …
Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)
A vulnerability (CVE-2023-36025) that Microsoft fixed in November 2023 continues to be exploited by malware peddlers: this time around, the delivered threat is a variant of …
Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)
Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. About …
Flipping the BEC funnel: Phishing in the age of GenAI
For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic (and usually poorly-written) email and fire it out to thousands of …
Adalanche: Open-source Active Directory ACL visualizer, explorer
Adalanche provides immediate insights into the permissions of users and groups within an Active Directory. It’s an effective open-source tool for visualizing and …
Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Social engineer reveals effective tricks for real-world intrusions In this …
Featured news
Resources
Don't miss
- Fake macOS help sites push Shamos infostealer via ClickFix technique
- Why a new AI tool could change how we test insider threat defenses
- Why satellite cybersecurity threats matter to everyone
- Kopia: Open-source encrypted backup tool for Windows, macOS, Linux
- Review: Adversarial AI Attacks, Mitigations, and Defense Strategies