Recent Security News
-
Payoneer accounts in Argentina hacked in 2FA bypass attacks
January 19, 2024 at 03:28PM Many Payoneer users in Argentina woke up to find their 2FA-protected accounts hacked, with funds stolen after receiving SMS OTP codes while sleeping. Suspected hacking methods include a potential Movistar data leak or a breached SMS provider. Payoneer has not provided specific answers but acknowledged the fraud and advised users…
-
Third Ivanti Vulnerability Exploited in the Wild, CISA Reports
January 19, 2024 at 03:00PM A critical vulnerability, CVE-2023-35082, in Ivanti Endpoint Manager Mobile (EPMM) with a CVSS score of 9.8 has been added to CISA’s Known Exploited Vulnerabilities Catalog. It allows an authentication bypass and patch bypass for another high-risk vulnerability, CVE-2023-35078. Rapid7 reports a potential threat actor exploitation, with all versions of Invanti…
-
AI Gives Defenders the Advantage in Enterprise Defense
January 19, 2024 at 02:46PM The International Conference on Cyber Security at Fordham University highlighted the increasing use of AI for enterprise defense against adversaries. While CISOs acknowledge the importance of AI, they are also prioritizing supply chain security, authentication technologies, and addressing the implications of global conflicts on critical infrastructure. CISOs believe AI provides…
-
CISA emergency directive: Mitigate Ivanti zero-days immediately
January 19, 2024 at 02:30PM CISA issued an emergency directive to address widespread exploitation of Ivanti Connect Secure and Ivanti Policy Secure flaws by threat actors. Federal agencies must immediately implement mitigation measures, report indications of compromise, and take action to restore impacted appliances. Threat monitoring service has detected compromised Ivanti appliances being used for…
-
CISOs Struggle for C-Suite Status Even As Expectations Skyrocket
January 19, 2024 at 01:12PM A survey of 663 security executives revealed that CISOs are increasingly expected to take on C-suite responsibilities without being recognized as such. The evolving role is driven by heightened regulatory scrutiny and demands for accountability. There’s a lack of board guidance for CISOs, who are often not integrated into the…