2024
CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame
Usual three-week window to address significant risks to federal agencies applies The US Cybersecurity and Infrastructure Security Agency (CISA) says vulnerabilities in Fortinet and Ivanti products are now being exploited, earning them places in its Known Exploited Vulnerabilities (KEV) catalog.…
Mozilla patches critical Firefox vuln that attackers are already exploiting
Firefixed: It's maintenance time for low-complexity, high-impact security flaw It's patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser.…
How to enable secure use of AI
Let the SANS AI Toolkit promote secure and responsible use of AI tools in the workplace Sponsored Post It's Cybersecurity Awareness Month again this October - a timely reminder for public and private sector organisations to work together and raise awareness about the importance of cybersecurity.…
Microsoft cleans up hot mess of Patch Tuesday preview
Go forth and install your important security fixes Microsoft says that the problems with the Windows 11 Patch Tuesday preview have now been resolved.…
Ransomware gang Trinity joins pile of scumbags targeting healthcare
As if hospitals and clinics didn't have enough to worry about At least one US healthcare provider has been infected by Trinity, an emerging cybercrime gang with eponymous ransomware that uses double extortion and other "sophisticated" tactics that make it a "significant threat," according to the feds.…
Microsoft issues 117 patches – some for flaws already under attack
Plus: SAP re-patches a failed patch for critical-rated flaw Patch Tuesday It's the second Tuesday of the month, which means Patch Tuesday, bringing with it fixes for numerous flaws, bugs and vulnerabilities in major software. And this one is a doozy.…
Qualcomm urges device makers to push patches after ‘targeted’ exploitation
Given Amnesty's involvement, it's a safe bet spyware is in play Qualcomm has issued 20 patches for its chipsets' firmware, including one Digital Signal Processor (DSP) software flaw that has been exploited in the wild.…
Using iPhone Mirroring at work? You might have just overshared to your boss
What does IT glimpse but a dating app on your wee little screen If you're using iPhone Mirroring at work: It's time to stop, lest you give your employer's IT department the capability to snoop through the list of apps you have on your phone — dating apps,…
Happy birthday, Putin – you’ve been pwned
Pro-Ukraine hackers claim credit for Russian state broadcasting shutdown Ukrainian hackers shut down Russian state news agency VGTRK's online broadcasting and streaming services on Monday – president Vladimir Putin's 72nd birthday – as Kremlin officials vowed to bring those responsible for the "unprecedented" cyber attack to justice.…
Google brings better bricking to Androids, to curtail crims
Improved security features teased in May now appearing around the world Google has apparently started a global rollout of three features in Android designed to make life a lot harder for thieves to profit from purloined phones.…