2024

Taming the multi-vault beast

GitGuardian takes on enterprise secrets sprawl Partner Content  With Non-Human Identities (NHIs) now outnumbering human users 100 to one in enterprise environments, managing secrets across multiple vaults has become a significant security concern.…

North Korea’s fake IT worker scam hauled in at least $88 million over six years

DoJ thinks it's found the folks that ran it, and some of the 'IT warriors' sent out to fleece employers North Korea's fake IT worker scams netted the hermit kingdom $88 million over six years, according to the US Department of Justice, which thinks it's found the people…

Apache issues patches for critical Struts 2 RCE bug

More details released after devs allowed weeks to apply fixes We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE.…

Lights out for 18 more DDoS booters in pre-Christmas Operation PowerOFF push

Holiday cheer comes in the form of three arrests and 27 shuttered domains The Europol-coordinated Operation PowerOFF struck again this week as cross-border cops pulled the plug on 27 more domains tied to distributed denial of service (DDoS) criminality.…

British Army zaps drones out of the sky with laser trucks

High-energy weapon proves its mettle in testing The British Army has successfully destroyed flying drones for the first time using a high-energy laser mounted on an armored vehicle. If perfected, the technology could form an effective counter-measure against drone attacks.…

Firefox ditches Do Not Track because nobody was listening anyway

Few websites actually respect the option, says Mozilla When Firefox 135 is released in February, it'll ship with one less feature: Mozilla plans to remove the Do Not Track toggle from its Privacy and Security settings. …

Citrix goes shopping in Europe and returns with gifts for security-conscious customers

Acquires two companies that help those on the nice list keep naughty list types at bay Citrix has gone on a European shopping trip, and come home with its bag of gifts bulging thanks to a pair of major buys: infosec outfits deviceTRUST and Strong Network.…

Three more vulns spotted in Ivanti CSA, all critical, one 10/10

Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker Ivanti just put out a security advisory warning of three critical vulnerabilities in its Cloud Services Application (CSA), including a perfect 10.…

US names Chinese national it alleges was behind 2020 attack on Sophos firewalls

Also sanctions his employer – an outfit called Sichuan Silence linked to Ragnarok ransomware The US Departments of Treasury and Justice have named a Chinese business and one of its employees as the actors behind the 2020 exploit of a zero-day flaw in Sophos firewalls…

Microsoft holds last Patch Tuesday of the year with 72 gifts for admins

Twas the night before Christmas, and all through the house, patching was done with the click of a mouse Patch Tuesday  Microsoft hasn't added too much coal to the stocking this Patch Tuesday, with just 72 fixes, only one of which scored more than nine on the CVSS…

Copyright © 2024 Lugapel