Strong capabilities in cyber threat intelligence (CTI) can help take a cybersecurity program to the next level on many different […]
Stop wasting money on ineffective threat intelligence: 5 mistakes to avoid Read Post »
The US has again taken court-approved action to remove malware from privately-held internet-connected computers across the country, part of an
International effort erases PlugX malware from thousands of Windows computers Read Post »
Fortinet has confirmed the existence of a critical authentication bypass vulnerability in specific versions of FortiOS firewalls and FortiProxy secure
Fortinet confirms zero-day flaw used in attacks against its firewalls Read Post »
Cyber security maturity declines among Australian government agencies in 2024, as legacy IT systems hinder progress under the Essential Eight
Australian Government Agencies Failing to Keep Up With Cyber Security Change Read Post »
Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if Citrix Session Recording Agent
January Windows updates may fail if Citrix SRA is installed Read Post »
Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as “root” to bypass the operating system’s System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions.
The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation Read Post »
New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that exploits a quirk in domain ownership to gain access to sensitive data.
“Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees,” Truffle Security co-founder and CEO Dylan Ayrey said
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains Read Post »
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect this sprawling attack surface in 2025.
What do identity risks, data security risks and third-party
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored Read Post »
The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit marketplace to have ever operated.
The figures, released by blockchain analytics firm Elliptic, show that monthly inflows have increased by 51% since July 2024.
Huione Guarantee, part
Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions Read Post »
Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet.
“The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes,” cybersecurity firm