Category Security

Jan 14, 2025Ravie LakshmananVulnerability / Data Privacy New research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. “Google’s OAuth…

Critical national infrastructure (CNI) providers are getting better at remediating exploited vulnerabilities and other cyber hygiene best practices, according to the US Cybersecurity and Infrastructure Security Agency (CISA). The agency’s new Cybersecurity Performance Goals Adoption Report analyzed the performance of…

Jan 14, 2025Ravie LakshmananEndpoint Security / Vulnerability Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as “root” to bypass the operating system’s System Integrity Protection (SIP)…

The Biden-Harris Administration has introduced a new Interim Final Rule on Artificial Intelligence Diffusion aimed at enhancing US national security and preventing the misuse of advanced US technology by countries of concern. The rule strengthens protections against misuse of advanced…

Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin’s efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work of an…

Browser-based cyber-threats have surged throughout 2024, marking a significant shift in the tactics employed by malicious actors. According to new findings from the 2024 Threat Data Trends report by the eSentire Threat Response Unit (TRU), while malware delivered via email…

Jan 14, 2025Ravie LakshmananVulnerability / Network Security Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. “The campaign involved unauthorized administrative logins on management interfaces…

Manchester-based law firm Barings Law has rallied 15,000 people to sue Google and Microsoft over numerous alleged violations of data misuse. Following a two-year investigation into Google and Microsoft, the law firm claimed to have found evidence that significant amounts…

What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can…

The UK government has proposed banning public sector and critical infrastructure organizations from making ransomware payments. The proposed payment ban been included in a Home Office-led consultation published on January 14. It focuses on protecting hospitals, schools, railways and other…