Latest Cybersecurity News and Articles


UserPro Plugin Vulnerability Allows Account Takeover

23 May 2024
Patchstack discovered the critical flaw in the plugin’s password reset mechanism, specifically within the userpro_process_form function, which allowed unauthenticated users to change the passwords of other users under certain conditions.

Rockwell Automation Urges Disconnection of ICS from the Internet

23 May 2024
Rockwell Automation warned customers to disconnect industrial control systems (ICS) from the internet, citing escalating cyber threats and rising global geopolitical tensions.

Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed

23 May 2024
Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022. "An analysis of this threat actor’s activity reveals long-term espionage operations against at least seven governmental entities," Palo Alto Networks

Are Your SaaS Backups as Secure as Your Production Data?

23 May 2024
Conversations about data security tend to diverge into three main threads: How can we protect the data we store on our on-premises or cloud infrastructure? What strategies and tools or platforms can reliably backup and restore data? What would losing all this data cost us, and how quickly could we get it back? All are valid and necessary conversations for technology organizations of all shapes

Apple Wi-Fi Positioning System Open to Global Tracking Abuse

23 May 2024
Apple is one of several companies, along with Google, Skyhook, and others, that operate a WPS. They offer client devices a way to determine their location that's more energy efficient than using the Global Positioning System (GPS).

Former White House Cyber Official Jeff Greene to Join CISA

23 May 2024
Former White House National Security Council cyber staff member Jeff Greene, the current cybersecurity programs director at the Aspen Institute think tank, is joining CISA next month, the agency confirmed.

SEC Fines NYSE Owner ICE for Delay in Reporting VPN Breach

23 May 2024
The U.S. Securities and Exchange Commission (SEC) announced today that a major player in the U.S. financial system has agreed to pay a $10 million penalty for failing to timely report an April 2021 VPN breach.

OpenText Boosts MDR Offering for MSPs With Pillr Acquisition

23 May 2024
The MDR business was stood up in 2018 as a standalone unit within Novacoast, and rebranded in September 2022 from novaSOC to Pillr. Novacoast CEO Paul Anderson served as Pillr's chief executive for most of its existence.

Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager

23 May 2024
Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances. Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to

Scammers are Selling Fake NSO Pegasus Spyware

23 May 2024
CloudSEK researchers found the fake spyware after perusing around 25,000 posts of individuals offering Pegasus and other NSO tools via channels on the messaging service Telegram.

Critical SAML Auth Bypass Vulnerability Found in GitHub Enterprise Server

23 May 2024
An authentication bypass vulnerability of maximum severity (CVSS V4 Score: 10.0) tracked as CVE-2024-4985 was recently fixed by GitHub. It impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication.

Server-Side Credit Card Skimmer Lodged in Obscure Plugin

23 May 2024
There are plenty of widely-used code snippet plugins available but in this case the attackers decided to use a very obscure plugin called Dessky Snippets, with only a few hundred active installations at the time of writing.

The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell

23 May 2024
Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as JavaScript and PowerShell," Microsoft Program Manager Naveen Shankar said. "These languages

New rules prompt 93% of organizations to rethink cybersecurity plans

23 May 2024
A new report examines how security budgets and compliance strategies are impacted by the shifting regulatory landscape.

The last six months shows a 341% increase in malicious emails

22 May 2024
There has been an increase in malicious emails, including a rise in BEC, phishing and other message-based attacks driven by generative AI.

Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries

22 May 2024
Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's believed to have been active since 2018. The intrusion singled out high-level organizations in South China Sea countries, particularly military and government targets, Bitdefender said in a report shared with The Hacker News. "The investigation revealed a troubling

Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

22 May 2024
Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity. The company said it's issuing the advisory due to "heightened geopolitical tensions and adversarial cyber activity globally." To that end, customers are required to take immediate

In the last year, 70% of organizations were targeted with BEC attacks

22 May 2024
New research highlights the cybersecurity risks that organizations are facing due to the rise in sophistication among malicious actors.

87% of medical practice data is digital

22 May 2024
According to a recent healthcare cybersecurity report, more than 25% of ransomware attacks directly impact patient care, including lost data.

More Than 70% of Surveyed Water Systems Failed to Meet EPA Cyber Standards

22 May 2024
Over 70% of water systems surveyed since last September failed to meet certain EPA security standards, leaving them vulnerable to cyberattacks that could disrupt wastewater and water sanitation systems nationwide, the EPA reported on Monday.