Recent Security News
-
Governments Urge Organizations to Hunt for Ivanti VPN Attacks
March 1, 2024 at 08:57AM Five Eyes agencies warn of ongoing exploitation of Ivanti VPN flaws and encourage organizations to assume credentials have been compromised, hunt for malicious activity, use Ivanti’s Integrity Checker Tool, and apply patches. Ivanti releases enhanced ICT to detect new/changed files on affected appliances. Agencies offer IoCs, Yara rules, and incident…
-
CISA Warns of Windows Streaming Service Vulnerability Exploitation
March 1, 2024 at 08:57AM The US cybersecurity agency CISA added a high-severity elevation of privilege flaw in Microsoft Streaming Service to its Known Exploited Vulnerabilities catalog, warning of active exploitation. The flaw, tracked as CVE-2023-29360, could allow attackers to gain System privileges. CISA urges organizations to apply patches and has a deadline of March…
-
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users
March 1, 2024 at 08:48AM A novel phishing kit targets mobile devices by impersonating login pages of cryptocurrency services. The kit tricks victims into sharing credentials, password reset URLs, and even photo IDs via email, SMS, and voice phishing. The attacks have successfully targeted over 100 victims, employing CAPTCHA tests and customization to appear credible.…
-
4 Instructive Postmortems on Data Downtime and Loss
March 1, 2024 at 06:15AM The text discusses the concept of “blameless” postmortems in tech companies and provides detailed examples of such postmortems from GitLab, Tarsnap, Roblox, and Cloudflare. These case studies uncover the root causes of outages, the impact of the incidents, and the lessons learned in data security and continuity planning. The examples…