Recent Security News
-
Finland warns of Akira ransomware wiping NAS and tape backup devices
January 11, 2024 at 10:16AM NCSC-FI warns of increased Akira ransomware attacks in December, targeting Finnish companies and wiping backups. The attacks exploited a vulnerability in Cisco VPNs, allowing unauthorized access to networks. The agency advises switching to offline backups and updating Cisco ASA and FTD to prevent further attacks. They emphasize the need for…
-
AI-Powered Misinformation is the World’s Biggest Short-Term Threat, Davos Report Says
January 11, 2024 at 09:43AM The World Economic Forum’s Global Risks Report identified artificially powered misinformation as the top immediate risk to the global economy, with environmental risks posing long-term threats. The report emphasized the potential impact of AI on polarizing societies and eroding democracy, and highlighted the risks associated with deepfake technology and AI-powered…
-
Intel, AMD, Zoom, Splunk Release Patch Tuesday Security Advisories
January 11, 2024 at 09:43AM On the first Patch Tuesday of 2024, Intel, AMD, Zoom, and Splunk released security advisories. Intel addressed BIOS firmware vulnerabilities, AMD reported a low-severity SEV-SNP issue, and Splunk patched critical and high-severity vulnerabilities. Zoom informed customers of a high-severity flaw affecting Windows products. Several other companies also released their first…
-
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions
January 11, 2024 at 09:43AM Merck settled a legal battle with insurance companies over $1.4 billion in claimed damages caused by the NotPetya cyberattack, challenging hostile/warlike act exclusion clauses. The resolution is significant for businesses amid increasing cyberattacks. Although insurance firms clarify act-of-war clauses, companies must carefully review coverage to mitigate risks from complex cyberthreats.…
-
CISA Urges Patching of Exploited SharePoint Server Vulnerability
January 11, 2024 at 09:21AM CISA warns of actively exploited Microsoft SharePoint Server vulnerability (CVE-2023-29357) allowing unauthenticated attackers to gain admin privileges. Exploit involves sending a spoofed JWT authentication token; no user interaction needed. CISA adds CVE-2023-29357 to Known Exploited Vulnerabilities list, advising federal agencies to patch within 21 days as per BOD 22-01. All…