Ivanti’s Cloud Service Appliance Attacked via Second Vuln
The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).
Meet UNC1860: Iran’s Low-Key Access Broker for State Hackers
The group has used more than 30 custom tools to target high-value government and telecommunications organizations on behalf of Iranian intelligence services, researchers say.
UAE, Saudi Arabia Become Plum Cyberattack Targets
Hacktivism-related DDoS attacks have risen 70% in the region, most often targeting the public sector, while stolen data and access offers dominate the Dark Web.
Shadow AI, Sensitive Data Exposure & More Plague Workplace Chatbot Use
Productivity has a downside: A shocking number of employees share sensitive or proprietary data with the generational AI platforms they use, without letting their bosses know.
Insider Threat Damage Balloons as Visibility Gaps Widen
A growing number of organizations are taking longer to get back on their feet after an attack, and they’re paying high price tags to do so — up to $2M or more.
iPhone ‘VoiceOver’ Feature Could Read Passwords Aloud
CVE-2024-44204 is one of two new Apple iOS security vulnerabilities that showcase an unexpected coming together of privacy snafus and accessibility features.
Manufacturers Rank as Ransomware’s Biggest Target
Improvements in cybersecurity and basics like patching aren’t keeping pace with the manufacturing sector’s rapid growth.
Ex-Uber CISO Requests a New, ‘Fair’ Trial
Attorneys for Joseph Sullivan argue the jury didn’t hear essential facts of the case during the original trial and that his conviction must be overturned.
Vulnerability Prioritization & the Magic 8 Ball
Vulnerability prioritization has evolved over the years. Several frameworks exist to help organizations make the right decisions when it comes to deciding which patches to apply and when. But are these better than a Magic 8 Ball?
Despite Prevalence of Online Threats, Users Aren’t Changing Behavior
Consumers are victims of online scams and have their data stolen, but they are lagging on adopting security tools to protect themselves.


