Category Security

Jan 16, 2025Ravie LakshmananVulnerability / Endpoint Security Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure. All the four…

The video game Path of Exile 2 suffers a security breach, we explore the issues of using predictive algorithms in travel surveillance systems, and the very worst IoT devices are put on show in Las Vegas. Oh, and has Elon…

The EU Commission has presented a new action plan designed to bolster the cybersecurity of hospitals and healthcare providers, which includes the launch of a pan-European Cybersecurity Support Centre offering tailored guidance, tools, services, and training. The plan was made public…

Jan 16, 2025Ravie LakshmananEndpoint Security / Ransomware Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout…

Microsoft released security updates for eight zero-day flaws in its first Patch Tuesday of 2025, with three of the vulnerabilities under active exploitation. Microsoft defines zero-day vulnerabilities as software flaws that have either been publicly disclosed or are being actively…

Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t just ineffective—it’s high risk. In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial…

Fortinet has disclosed a new critical zero-day vulnerability affecting some of its FortiGate firewalls. In a security advisory published on January 14, FortiGuard Labs revealed a new authentication bypass vulnerability affecting FortiOS and FortiProxy that could be exploited to hack…

Jan 15, 2025Ravie LakshmananVulnerability / Software Update As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. “Attackers can…

Over 78% of organizations use two or more cloud providers, up from 71% last year, reflecting the growing need for resilience and specialized services. These figures come from Fortinet’s 2025 State of Cloud Security Report, released today. Growing Adoption of…

Jan 15, 2025Ravie LakshmananCryptocurrency / Malware The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. “The campaign begins…