A critical vulnerability has been discovered in the Ivanti Cloud Services Application (CSA), potentially allowing attackers to execute remote code and access restricted functionality. Ivanti has released an urgent security update to address the issues, tracked as CVE-2024-47908 and CVE-2024-11771,…
Tag: EN
Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now
Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution. The list of vulnerabilities is below – CVE-2024-38657 (CVSS…
Critical OpenSSL Vulnerability Let Attackers Launch Man-in-the-Middle Attacks
A high-severity security vulnerability (CVE-2024-12797) has been identified in OpenSSL, one of the most widely used cryptographic libraries. The flaw allows attackers to exploit a loophole in TLS and DTLS handshakes, potentially enabling man-in-the-middle (MITM) attacks on vulnerable connections. OpenSSL…
SysReptor: Open-source penetration testing reporting platform
SysReptor is a customizable open-source penetration testing reporting platform built for pentesters, red teamers, and cybersecurity professionals. You can optimize your workflow by simplifying, automating, and personalizing your reports. “SysReptor is an easy-to-use tool for pentesters and simplifies pentest reporting.…
It’s time to secure the extended digital supply chain
Organizations’ increasing reliance on third-party software and services has created an environment with more vulnerabilities and harder-to-detect risks. Attackers know they can increase efficiency and profitability by compromising the supply chain and are focusing their efforts accordingly. The commoditization of…
Microsoft Patch Tuesday, February 2025 Edition
Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. This article has been indexed from Krebs on Security Read the original…
This Ad-Tech Company Is Powering Surveillance of US Military Personnel
In a letter to a US senator, a Florida-based data broker says it obtained sensitive data on US military members in Germany from a Lithuanian firm, revealing the global nature of online ad surveillance. This article has been indexed from…
Product Update | Cloud Monitor + Content Filter
NEW! In Cloud Monitor: Policy Enhancements We’re thrilled to introduce our latest Cloud Monitor policy updates! We designed these enhancements to make it easier than ever for administrators to keep students safe and secure in the classroom. With smarter alerting…
Silent breaches are happening right now, most companies have no clue
The breaches and ransomware attacks of 2024 highlighted systemic vulnerabilities, demonstrating how third-party and fourth-party dependencies amplify risks across industries, according to a Black Kite report. Researchers revealed how silent breaches underscore the risk posed by unseen vulnerabilities in third-party…
CEOs must act now to embrace AI or risk falling behind
While 4 out of 5 CEOs recognize AI’s potential, many worry gaps in their understanding will impact strategic decisions, risking missed opportunities and falling behind competitors, according to Cisco. Yet, CEOs are not standing still. With support from IT leaders…
Linux X.509 Certificate-Based User Login Flaws Let Attackers Bypass Authentication
Three critical vulnerabilities have been identified in the PAM-PKCS#11 module, a widely used Linux-PAM login module that facilitates X.509 certificate-based user authentication. These vulnerabilities, cataloged under CVE-2025-24032, CVE-2025-24531, and CVE-2025-24031, pose significant risks by allowing attackers to bypass authentication mechanisms,…
February’s Patch Tuesday sees Microsoft offer just 63 fixes
Don’t relax just yet: Redmond has made some certificate-handling changes that could trip unprepared admins Patch Tuesday Microsoft’s February patch collection is mercifully smaller than January’s mega-dump. But don’t get too relaxed – some deserve close attention, and other vendors…
ISC Stormcast For Wednesday, February 12th, 2025 https://isc.sans.edu/podcastdetail/9320, (Wed, Feb 12th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, February 12th, 2025…
An ontology for threats, cybercrime and digital forensic investigation on Smart City Infrastructure, (Wed, Feb 12th)
Blue teams have it hard – they maintain a watchful eye on whatever technology is deployed to detect threats, respond to incidents, perform digital forensics and reverse malware (or make malware happy!) when needed. Hopefully, no one has to handle…
Anthropic CEO Dario Amodei warns: AI will match ‘country of geniuses’ by 2026
Anthropic CEO Dario Amodei warns AI will reach genius-level capabilities by 2026, calling Paris Summit a “missed opportunity” as U.S. and European leaders clash over regulation of rapidly advancing artificial intelligence systems. This article has been indexed from Security News…
Neil Lawrence: What makes us unique in the age of AI | Starmus highlights
As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human? This article has been indexed from WeLiveSecurity Read the original article: Neil Lawrence: What makes…
Cybercrime Threatens National Security, Google Threat Intel Team Says
On the eve of the Munich Security Conference, Google argues that the cybercriminal threat should be treated as a national security threat like state-backed hacking groups. The post Cybercrime Threatens National Security, Google Threat Intel Team Says appeared first on…
Cybercrime: A Multifaceted National Security Threat
< div class=”block-paragraph_advanced”> Executive Summary Cybercrime makes up a majority of the malicious activity online and occupies the majority of defenders’ resources. In 2024, Mandiant Consulting responded to almost four times more intrusions conducted by financially motivated actors than state-backed…
Phobos and 8Base Ransomware criminals arrested by FBI
In a major joint operation, the FBI, in collaboration with the UK’s National Crime Agency (NCA), Europol, and law enforcement agencies from France, Germany, Japan, Romania, Switzerland, Thailand, Spain, and Bavaria, has officially announced the arrest of four European nationals…
Attackers exploit a new zero-day to hijack Fortinet firewalls
Fortinet warned of attacks using a now-patched zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls. Fortinet warned that threat actors are exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (CVSS score of 8.1), in FortiOS and FortiProxy to…