Privacy Beats Ransomware as Top Insurance Concern

February 23, 2024 at 12:29PM Corporate directors and security teams are under pressure to comply with the SEC’s new cybersecurity regulations. Woodruff Sawyer’s David Anderson warns that mishandling PII could lead to costly claims, potentially rivaling ransomware attacks. Privacy issues, including pixel-tracking claims and GDPR violations, are becoming a top concern for cyber insurance underwriters. …

Enterprises Worry End Users Will be the Cause of Next Major Breach

February 16, 2024 at 05:04PM The increase in data breaches and cyberattacks has made these incidents more visible than ever. Security professionals are reconsidering their security strategies and investments due to heightened focus. Despite deploying various security tools, many organizations lack confidence in their ability to withstand attacks. The threat landscape is evolving, and the …

Ivanti Patches High-Severity Vulnerability in VPN Appliances

February 9, 2024 at 04:09PM Ivanti announced patches for a high-severity vulnerability, CVE-2024-22024, affecting enterprise VPN and network access products. The XML external entity (XXE) issue in the SAML component of Connect Secure, Policy Secure, and ZTA appliances could allow unauthorized access to restricted resources. Patches addressing the flaw were included in various versions. No evidence …

IONIX Completes $42M Financing Round to Expand Threat Exposure Management Across the Entire Attack Surface

February 6, 2024 at 05:32PM IONIX has completed its $42 million A Round financing, including $15 million from new investor Maor Investments, expanding its total funding to $50.3 million. The funding will be used to accelerate market activities, develop the product roadmap, and enhance Threat Exposure Management capabilities. Cyber veteran Chad Kinzelberg joins the board to …

AnyDesk says hackers breached its production servers, resets passwords

February 2, 2024 at 05:21PM Remote access solution AnyDesk suffered a cyberattack leading to data theft from its production systems. The company, with 170,000 clients including 7-Eleven and Samsung, gives assurances that the software is safe and has initiated security measures after revoking certificates. It urges users to update to version 8.0.8 and change passwords due …

After Delays, Ivanti Patches Zero-Days and Confirms New Exploit

January 31, 2024 at 12:48PM Ivanti is urgently addressing two high-severity vulnerabilities in its Connect Secure and Policy Secure VPN products, discovered during the investigation of zero-day attacks. The company has started rolling out patches for critical bugs and issued an alert to its customers to test and deploy available fixes promptly. Digital forensics firm …

Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation

January 31, 2024 at 12:38PM Ivanti has flagged high-severity vulnerabilities in its Connect Secure and Policy Secure products. CVE-2024-21888 allows privilege escalation, while CVE-2024-21893 allows server-side request forgery. Although there’s no evidence of customers being impacted by CVE-2024-21888, CVE-2024-21893’s exploitation is targeted. Ivanti has released fixes and recommends a factory reset before patching. Temporary workarounds …

Bastille Raises $44M Series C Investment Led by Goldman Sachs Asset Management

January 26, 2024 at 05:05PM Bastille Networks, Inc. has secured a $44 million Series C investment led by Goldman Sachs, with Bessemer Venture Partners joining. The company will use the funds to support its rapid growth and expansion into new markets. Goldman Sachs’ investment underscores confidence in Bastille’s innovative wireless threat intelligence, which has tripled its …

High-Severity Vulnerability Patched in Splunk Enterprise

January 23, 2024 at 09:12AM Splunk announced patches for multiple vulnerabilities, including a high-severity bug (CVE-2024-23678) affecting Splunk Enterprise on Windows, allowing unsafe deserialization leading to potential denial of service, application logic abuse, or code execution. Other medium-severity vulnerabilities and flaws in third-party packages were also resolved in versions 9.0.8 and 9.1.3. Splunk recommends upgrading …

F5 Names Samir Sherif as New CISO

January 23, 2024 at 06:54AM F5 announced that Samir Sherif has been named Senior Vice President and Chief Information Security Officer. In the role, he will lead the enterprise cybersecurity strategy and security culture, and oversee cybersecurity standards and programs. Sherif has previously served as CISO at Absolute Software and Imperva and had a long career at …