CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities catalog, thus…
Tag: EN
Portnox enhances passwordless risk-based access for enterprise applications
Portnox announced support for Microsoft External Authentication Methods (EAM) for its Conditional Access for Applications solution. This new integration extends Portnox’s commitment to delivering phishing-resistant passwordless authentication with risk-based assessment and compliance validation for enterprise applications. Microsoft’s EAM capability allows users…
Nudge Security introduces automated SaaS spend discovery capabilities
Nudge Security unveiled an automated SaaS spend discovery capabilities, building on the company’s patented approach to SaaS discovery to include analysis and insights into previously unknown SaaS spend. At a time when organizations are trying to rationalize app estates to…
ChatGPT macOS Flaw Could’ve Enabled Long-Term Spyware via Memory Function
A now-patched security vulnerability in OpenAI’s ChatGPT app for macOS could have made it possible for attackers to plant long-term persistent spyware into the artificial intelligence (AI) tool’s memory. The technique, dubbed SpAIware, could be abused to facilitate “continuous data…
Agentic AI in SOCs: A Solution to SOAR’s Unfulfilled Promises
Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of advancements, SOAR hasn’t fully delivered…
Thousands of US Congress Emails Exposed to Takeover
Some 3191 email addresses for congressional staff are available on the dark web This article has been indexed from www.infosecurity-magazine.com Read the original article: Thousands of US Congress Emails Exposed to Takeover
CrowdStrike Apologizes for IT Outage, Defends Microsoft Kernel Access
Adam Meyers, CrowdStrike VP for counter-adversary operations, appeared before a US congressional committee to answer questions about its July faulty software update This article has been indexed from www.infosecurity-magazine.com Read the original article: CrowdStrike Apologizes for IT Outage, Defends Microsoft…
Cybersecurity News: Kansas water targeted, CrowdStrike apology, MoneyGram goes dark
In today’s cybersecurity news… Kansas water plant pivots to analog after cyber event Yesterday we updated you on a ransomware attack that hit the state Kansas earlier this year. Now […] The post Cybersecurity News: Kansas water targeted, CrowdStrike apology,…
Understanding Network Attacks: Types, Trends, and Mitigation Strategies
At a time when digital connectivity is the lifeblood of all business operations, the specter of network attacks is greater than ever. As entities depend on complex network infrastructures, malefactors exploit vulnerabilities with growing sophistication and frequency. Understanding the diverse…
Navigating the Privacy Paradox: How Organizations Can Secure Customer Data While Ensuring Convenience
Privacy and convenience have always been at odds, especially regarding digital onboarding or online sign-ups. For modern organizations, striking a balance between the two has become increasingly important. At the same time, a recent report said 53% of customers suggest…
Iran Was Behind Thousands of Text Messages Calling for Revenge Over Quran Burnings, Sweden Says
Sweden is accusing Iran of hacking SMS service and sending out thousands of text messages calling for revenge over Quran burnings. The post Iran Was Behind Thousands of Text Messages Calling for Revenge Over Quran Burnings, Sweden Says appeared first…
ManageEngine Analytics Plus 6.0 identifies key inefficiencies in IT operations
ManageEngine announced a significant upgrade to its flagship IT analytics solution, Analytics Plus. Version 6.0 introduces Spotlight, a contextual recommendations engine powered by AI, designed to identify key inefficiencies in IT operations and suggest corrective strategies. The 2023 State of…
NETSCOUT’s nGeniusONE notification center streamlines and automates alerts
NETSCOUT announced enhancements to its nGenius Enterprise Performance Management solution, which includes a new notification center that helps streamline and automate alerts and contextual workflows to identify and resolve problems faster. Secured Reliable Transport (SRT) was added to support live…
Critical Ivanti Authentication Bypass Bug Exploited in Wild
CISA adds critical Ivanti bug to its Known Exploited Vulnerabilities catalog This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical Ivanti Authentication Bypass Bug Exploited in Wild
U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Virtual Traffic Manager vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-7593(CVSS score of 9.8) to its…
Bitwarden inline autofill empowers users to fill passkeys directly from their vault
Bitwarden announced further enhancements to inline autofill capabilities within the Bitwarden browser extension. Following the recent addition of autofill for cards and identities, this update ensures seamless autofill of passkeys, providing a faster, more secure, and convenient way for users…
OneTrust helps organizations operationalize DORA compliance
OneTrust announced new capabilities to help organizations enhance resilience across the financial sector and operationalize compliance with the EU’s Digital Operational Resilience Act (DORA). Building upon its comprehensive OneTrust Third-Party Management solution, OneTrust will now offer first-to-market capabilities such as…
Arkansas City water treatment facility switched to manual operations following a cyberattack
Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations due to a cyberattack. Arkansas City, Kansas, had to switch its water treatment facility to manual operations over the weekend…
Commvault acquires Clumio to accelerate cyber resilience capabilities for AWS
Commvault announced it will acquire Clumio, a technology leader in data protection for critical cloud data in AWS. This transaction enables Commvault to leverage Clumio’s AWS offerings to provide cyber resilience to next generation applications built on AWS. Clumio serves…
Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware
Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans (RATs). The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging…