Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)
Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which …
Lack of skills and budget slow zero-trust implementation
The risk of a cyber breach is the number one global driver for zero trust strategy implementation, according to Entrust. The 2024 State of Zero Trust & Encryption Study …
Encrypted Notepad: Open-source text editor
Encrypted Notepad, an open-source text editor, ensures your files are saved and loaded encrypted with AES-256. With no ads, no network connection required, and no unnecessary …
New infosec products of the week: May 31, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Adaptive Shield, Dashlane, Detectify, and Truecaller. Adaptive Shield unveils …
NIST says NVD will be back on track by September 2024
The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Common Vulnerabilities and …
59% of public sector apps carry long-standing security flaws
Applications developed by public sector organizations have more security debt than those created by the private sector, according to Veracode. Security debt, defined for this …
NIST unveils ARIA to evaluate and verify AI capabilities, impacts
The National Institute of Standards and Technology (NIST) is launching a new testing, evaluation, validation and verification (TEVV) program intended to help improve …
Identity-related incidents becoming severe, costing organizations a fortune
With the rise of identity sprawl and system complexity, more businesses are suffering identity-related incidents than ever before, according to IDSA. Identity-related …
Moonstone Sleet: A new North Korean threat actor
Microsoft has named yet another state-aligned threat actor: Moonstone Sleet (formerly Storm-1789), which engages in cyberespionage and ransomware attacks to further goals of …
How fraudsters stole $37 million from Coinbase Pro users
A convincing phishing page and some over-the-phone social engineering allowed a group of crooks to steal over $37 million from unlucky Coinbase Pro users. One of them – …
PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)
Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command …
Avoiding the cybersecurity blame game
Cyber risk management has many components. Those who do it well will conduct comprehensive risk assessments, enact well-documented and well-communicated processes and …