Recent Security News
-
Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in
January 12, 2024 at 09:25PM Mandiant’s threat intel team identified two zero-day bugs in Ivanti products that were under attack by cyberspies as early as December. Ivanti has disclosed the vulnerabilities in their products and is working on rolling out patches while urging customers to immediately deploy mitigations. The situation is particularly concerning as the…
-
This is why we update… Data-thief malware exploits unpatched Windows PCs
January 12, 2024 at 07:00PM Criminals exploit Windows Defender SmartScreen bypass vulnerability to spread Phemedrone Stealer malware, targeting sensitive data on PCs. The flaw CVE-2023-36025 was patched by Microsoft in November, but a proof-of-concept exploit has been created. The malware targets various browsers, applications, and cryptocurrency wallets, and uses obfuscation techniques to evade detection. Update…
-
Former Secretary of State Mike Pompeo Joins Cyabra Board of Directors
January 12, 2024 at 06:12PM Cyabra, a leading counter-disinformation company, appoints former Secretary of State Mike Pompeo to its Board of Directors due to strong revenue growth and successful funding. Pompeo’s strategic expertise complements Cyabra’s goal to counter disinformation. The company also secures a $5.7 million Series A extension round to support research, development, and…
-
SEC X Account Hack Draws Senate Outrage
January 12, 2024 at 05:43PM Senators Wyden and Lummis have criticized the SEC for its failure to implement basic multifactor authentication (MFA) protections following the compromise of the X Twitter account. They have urged the Inspector General to investigate this cybersecurity lapse, emphasizing the potential impact on market stability and trust. The SEC’s failure to…
-
CISA Adds 9.8 ‘Critical’ Microsoft SharePoint Bug to its KEV Catalog
January 12, 2024 at 05:43PM The Cybersecurity and Infrastructure Security Agency (CISA) added a critical privilege escalation vulnerability, CVE-2023-29357, affecting Microsoft SharePoint servers to its list of Known Exploited Vulnerabilities (KEV). This vulnerability, rated 9.8 out of 10, allows attackers to bypass authentication and gain administrative access. Despite a June patch, active exploitation continues, as…