Recent Security News
-
The 7 Deadly Sins of Security Awareness Training
November 21, 2023 at 06:47PM Avoid these tactics when educating employees about risk.
-
Citrix Bleed Bug Inflicts Mounting Wounds, CISA Warns
November 21, 2023 at 05:39PM LockBit 3.0 ransomware affiliates are targeting the “Citrix Bleed” security vulnerability, prompting warnings from CISA and Citrix. The bug allows authentication bypass, giving threat actors access to user sessions and credentials. Citrix’s patch is not sufficient to protect against compromise. Organizations are advised to upgrade immediately and assess vulnerability. Thousands…
-
AutoZone Files MOVEit Data Breach Notice With State of Maine
November 21, 2023 at 05:39PM AutoZone’s CISO, Doug Baldwin, reported a data breach to the state of Maine affecting 184,995 individuals, with 293 residents affected. The breach, discovered this month but occurring on May 28, involved a threat actor exploiting a vulnerability in the MOVEit application. AutoZone has disabled the application, conducted an investigation, and…
-
Microsoft now rolling out Copilot to Windows 10 devices
November 21, 2023 at 05:25PM Microsoft is rolling out its Copilot AI assistant to eligible Windows 10 systems through the Windows Insider program. Insiders in the Release Preview Channel can start testing Copilot by activating a toggle in Windows settings. The rollout will be phased over the coming months, with Windows 10 Enterprise/Education versions and…
-
Exploit for Critical Windows Defender Bypass Goes Public
November 21, 2023 at 04:32PM A proof-of-concept exploit (PoC) has been released for a critical zero-day vulnerability in Windows SmartScreen. The vulnerability, identified as CVE-2023-36025, allows attackers to bypass Windows Defender SmartScreen checks without triggering alerts. The exploit involves tricking users into clicking on a malicious internet shortcut or link. The vulnerability affects various Windows…