π Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The security provider published mitigation measures to prevent exploitation.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls
The security provider published mitigation measures to prevent exploitation
π’ Vulnerability management complexity is leaving enterprises at serious risk π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Fragmented data and siloed processes mean remediation is taking too long.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Vulnerability management complexity is leaving enterprises at serious risk
Fragmented data and siloed processes mean remediation is taking too long
π’ Hackers are turning Amazon S3 bucket encryption against customers in new ransomware campaign β and theyβve already claimed two victims π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Attackers are using AWS serverside encryption to conduct ransomware attacks.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Hackers are turning Amazon S3 bucket encryption against customers in new ransomware campaign β and theyβve already claimed twoβ¦
Attackers are using AWSβ server-side encryption to conduct ransomware attacks
π€1
π§ ISC2 Cybersecurity Workforce Study: Shortage of AI skilled workers π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
AI has made an impact everywhere else across the tech world, so it should surprise no one that the 2024 ISC2 Cybersecurity Workforce Study saw artificial intelligence AI jump into the top five list of security skills. Its not just the need for workers with securityrelated AI skills. The Workforce Study also takes a deep The post ISC2 Cybersecurity Workforce Study Shortage of AI skilled workers appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
ISC2 Cybersecurity Workforce Study: Shortage of AI skilled workers
AI has jumped into the top five list of cybersecurity skills, according to the 2024 ISC2 Cybersecurity Workforce Study. How will that affect the skills gap?
ποΈ Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
As many as six security vulnerabilities have been disclosed in the popular Rsync filesynchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. "Attackers can take control of a malicious server and readwrite arbitrary files of any connected client," the CERT Coordination Center CERTCC said in an advisory. "Sensitive data, such as SSH keys,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ The High-Stakes Disconnect For ICS/OT Security ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Why does ICSOT need specific controls and its own cybersecurity budget today? Because treating ICSOT security with an IT security playbook isnt just ineffectiveits high risk. In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Control Systems ICS and Operational Technology OT security distinctly stand out from traditional IT security. ICSOT.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Multi-Cloud Adoption Surges Amid Rising Security Concerns π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A new report from Fortinet reveals increased adoption of multicloud strategies and hybrid implementations combining onpremises and public cloud infrastructure.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Multi-Cloud Adoption Surges Amid Rising Security Concerns
A new report from Fortinet reveals increased adoption of multi-cloud strategies and hybrid implementations combining on-premises and public cloud infrastructure
π Chinese PlugX Malware Deleted in Global Law Enforcement Operation π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The FBI deleted Chinese PlugX malware from thousands of devices in the US, using a technique developed by French cybersecurity firm Sekoia.io.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Chinese PlugX Malware Deleted in Global Law Enforcement Operation
The FBI deleted Chinese PlugX malware from thousands of devices in the US, using a technique developed by French cybersecurity firm Sekoia.io
π Illicit Crypto-Inflows Set to Top $51bn in a Year π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Chainalysis estimates threat actors made at least 51bn through crypto crime in 2024.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Illicit Crypto-Inflows Set to Top $51bn in a Year
Chainalysis estimates threat actors made at least $51bn through crypto crime in 2024
π¦
Fortinetβs Authentication Bypass Zero-Day: Mitigation Strategies and IoCs for Enhanced Security π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Overview Fortinet has disclosed a critical authentication bypass vulnerability affecting FortiOS and FortiProxy systems, identified as CVE202455591. With a CVSS score of 9.6, this vulnerability allows unauthenticated attackers to execute unauthorized code or commands, granting them superadmin privileges. The exploitation of this vulnerability has already been observed in the wild, stressing the urgency for affected organizations to act immediately. Key Details Vulnerability Summary CVE202455591 arises from a flaw in the Node.js websocket module, specifically within FortiOS and FortiProxy, where an alternate path or channel can bypass authentication mechanisms CWE288. This allows remote attackers to gain administrative access and compromise device configurations. Affe...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Fortinet Patches Authentication Bypass Zero-Day
Fortinet has disclosed a critical authentication bypass vulnerability affecting FortiOS and FortiProxy systems. Identified as CVE-2024-55591, bug grants βsuper-adminβ privileges.
π¦Ώ Enhancing Health Care Cybersecurity: Bridging HIPAA Gaps with Innovation π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The proposed HIPAA Security Rule introduces mandatory measures to prevent malicious cyberattacks in health care.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Enhancing Health Care Cybersecurity: Bridging HIPAA Gaps with Innovation
The proposed HIPAA Security Rule introduces mandatory measures that reflect the growing sophistication of cyber threats in health care.
π¦Ώ CyberGhost VPN Review (2025): Features, Pricing, and Security π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
In this comprehensive review of CyberGhost VPN, we cover its features, pricing, security, and overall performance. Find out if this is the right VPN for you.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
CyberGhost VPN Review (2025): Features, Pricing, and Security
Is CyberGhost VPN truly fast, secure, and great for streaming? Explore its performance, privacy features, and streaming compatibility in our review.
ποΈ North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have identified infrastructure links between the North Korean threat actors behind the fraudulent IT worker schemes and a 2016 crowdfunding scam. The new evidence suggests that Pyongyangbased threamoret groups may have pulled off illicit moneymaking scams that predate the use of IT workers, SecureWorks Counter Threat Unit CTU said in a report shared with The Hacker.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ How the channel can simplify cybersecurity to build trust and agility for SMBs π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
There's an opportunity for the channel to move from tech resellers to trusted advisors on security and help alleviate the security burden on SMBs.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ChannelPro
How the channel can simplify cybersecurity to build trust and agility for SMBs
There's an opportunity for the channel to move from tech resellers to trusted advisors on security and help alleviate the security burden on SMBs
π΅οΈββοΈ CISA: Second BeyondTrust Vulnerability Added to KEV Catalog π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
BeyondTrust has patched all cloud instances of the vulnerability and has released patches for selfhosted versions.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
CISA: Second BeyondTrust Vulnerability Added to KEV Catalog
BeyondTrust has patched all cloud instances of the vulnerability and has released patches for self-hosted versions.
π΅οΈββοΈ Extension Poisoning Campaign Highlights Gaps in Browser Security π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Evidence suggests that some of the payloads and extensions may date as far back as April 2023.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Extension Poisoning Campaign Highlights Gaps in Browser Security
Evidence suggests that some of the payloads and extensions may date as far back as April 2023.
π΅οΈββοΈ North Korea's Lazarus APT Evolves Developer-Recruitment Attacks π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
"Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
North Korea's Lazarus Evolves Developer-Recruitment Attacks
"Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency.
π΅οΈββοΈ OWASP's New LLM Top 10 Shows Emerging AI Threats π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Ultimately, there is no replacement for an intuitive, securityfocused developer working with the critical thinking required to drive down the risk of both AI and human error.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
OWASP's New LLM Top 10 Shows Emerging AI Threats
Ultimately, there is no replacement for an intuitive, security-focused developer working with the critical thinking required to drive down the risk of both AI and human error.
π¦Ώ UK Considers Banning Ransomware Payments π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
The proposed mandate intends to discourage criminals from targeting critical national infrastructure and public services, as there will be no financial motivation.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
UK Considers Banning Ransomware Payments
The U.K. government is considering banning ransomware payments to make critical industries βunattractive targets for criminals.β
π¦Ώ Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Microsofts monthly patches cover HyperV NT Kernel Integration VSPs, Git in Visual Studio, and more.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks
Microsoftβs monthly patches cover Hyper-V NT Kernel Integration VSPs, Git in Visual Studio, and more.
π CISA Launches Playbook to Boost AI Cybersecurity Collaboration π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
CISA launched the JCDC AI Cybersecurity Playbook to enhance collaboration on AI cybersecurity risks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
CISA Launches Playbook to Boost AI Cybersecurity Collaboration
CISA launched the JCDC AI Cybersecurity Playbook to enhance collaboration on AI cybersecurity risks