Recent Security News
-
Effective Incident Response Relies on Internal and External Partnerships
January 16, 2024 at 07:10PM Security teams increasingly collaborate with internal and external partners for incident response, recognizing the importance of coordination. 63% coordinate with internal communications, 44% know whom to contact in HR, and 39% have dedicated resources for external communications. Cross-functional collaboration is crucial due to the wide-reaching impact of security breaches. Also,…
-
Accenture and SandboxAQ Collaborate to Help Organizations Protect Data
January 16, 2024 at 05:44PM Accenture and SandboxAQ are partnering to offer AI and quantum computing solutions for cybersecurity vulnerabilities. The collaboration aims to help organizations identify and mitigate threats posed by AI-enabled cyberattacks and quantum computing-based decryption. Accenture will leverage SandboxAQ’s Security Suite to provide comprehensive AI-enabled cryptographic management. The partnership will also develop…
-
GitHub rotates keys to mitigate impact of credential-exposing flaw
January 16, 2024 at 05:23PM GitHub resolved vulnerabilities enabling attackers to access credentials in production containers by patching CVE-2024-0200. The update applies to GitHub Enterprise Server versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. While potential exploitation requires an organization owner role, GitHub rotated exposed credentials and urges swift security update installation. Additionally, a command injection vulnerability…
-
MacOS info-stealers quickly evolve to evade XProtect detection
January 16, 2024 at 04:34PM The macOS platform faces persistent challenges with information stealers evading detection, as highlighted in a report by SentinelOne that presents three malware examples circumventing XProtect. KeySteal, Atomic Stealer, and CherryPie showcase the ability of malware to evolve and avoid detection, emphasizing the need for advanced security measures beyond static detection.…
-
Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet
January 16, 2024 at 04:34PM Ivanti VPNs globally compromised due to two unpatched zero-day vulnerabilities, allowing attackers to gain network access. Thousands infected, primarily by group UTA0178, with no available patches until Jan. 22 and Feb. 19. Ivanti released a mitigation and Integrity Checker Tool for existing compromises. Customers advised to follow incident response playbook…