Content Paint
Search
Sign in

Cybersecurity

vulnerabilities  | Jan 10, 2024
Pre-auth RCE zero days in Ivanti VPNs are being exploited by a Chinese APT and there won’t be a patch for weeks. Buckle up.
Pre-auth RCE zero days in Ivanti VPNs are being exploited by a Chinese APT and there won’t be a patch for weeks. Buckle up.

Attackers re-write JavaScript loaded by the VPN login page for the Appliance to capture credentials; also grabbed Veeam credentials, moved laterally for full SYSTEM control.

Cybersecurity  | Jan 08, 2024
Software licensing bug percolates pre-auth RCE risk downstream to PLC-land
Software licensing bug percolates pre-auth RCE risk downstream to PLC-land

Another arguably more potent example and one actively exploited in the wild is CVE-2023-46604 – a CVSS 10 RCE vulnerability in Apache ActiveMQ; an open source message broker written in Java.

Interviews  | Jan 05, 2024
The Big Interview: Rubrik CEO Bipul Sinha on going from no running water, to running a $500m business
The Big Interview: Rubrik CEO Bipul Sinha on going from no running water, to running a $500m business

On Magic Quadrants, deal size, changing approaches to cyber-resilience and learning from his father.

 |  Cybersecurity  | Jan 03, 2024
Utilities splash cash to get OT security in order as new "e-CAF" regime shakes up sector
Utilities splash cash to get OT security in order as new "e-CAF" regime shakes up sector

Another £82 million in Operational Technology and cybersecurity contracts hits the market as water, gas companies overhaul legacy systems amid pressure...

bug bounty  | Jan 03, 2024
Hallucinated vulnerability disclosure for Curl generates disgust
Hallucinated vulnerability disclosure for Curl generates disgust

But Bug Bounty platform HackerOne isn't too worried that LLM-generated bug reports will become a deluge...

News  | Dec 18, 2023
NSA updates software guidelines
NSA updates software guidelines

The NSA has posted a new set of cybersecurity guidelines for government agencies

Cybersecurity  | Dec 18, 2023
$11 billion North Face owner, VF Corp., hit by ransomware
$11 billion North Face owner, VF Corp., hit by ransomware

Attacker "disrupted… business operations by encrypting some IT systems, and stole data from the company"

SEC  | Dec 18, 2023
New SEC cyber rules are go...
SEC cyber rules

Firms need to disclose any cybersecurity incident they determine to be material and to describe the material aspects of the incident's nature, scope, and timing within four days.

 |  banks  | Dec 15, 2023
Europe's banks steel themselves for a tough ECB cyber resilence test after blistering criticism
ECB cybersecurity test

"Institutions continue to report gaps in risk control areas considered fundamental to cyber hygiene, such as proper identity and access management, timely vulnerability patching or network security"

Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Great! You've successfully signed up.
Great! You've successfully signed up.
Welcome back! You've successfully signed in.
Success! You now have access to additional content.