A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708)
Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability (CVE-2023-35708) discovered in the web application in less that a month. Previously, the Cl0p cyber extortion gang e.....»»
NIST is chipping away at NVD backlog
The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but has admitted that their initial estimate of when they would finish the job.....»»
Red Hat Enterprise Linux 9.5 helps organizations simplify operations
Red Hat announced Red Hat Enterprise Linux 9.5. Red Hat Enterprise Linux helps organizations deploy applications and workloads more quickly and with greater reliability, enabling them to lower costs and more effectively manage workloads across hybrid.....»»
How a Windows zero-day was exploited in the wild for months (CVE-2024-43451)
CVE-2024-43451, a Windows zero-day vulnerability for which Microsoft released a fix on November 2024 Patch Tuesday, has been exploited since at least April 2024, ClearSky researchers have revealed. About the vulnerability CVE-2024-43451 affects all s.....»»
Zero-days dominate top frequently exploited vulnerabilities
A joint report by leading cybersecurity agencies from the U.S., UK, Canada, Australia, and New Zealand has identified the most commonly exploited vulnerabilities of 2023. Zero-day vulnerabilities on the rise The advisory highlights that malicious cyb.....»»
Google Cloud Cybersecurity Forecast 2025: AI, geopolitics, and cybercrime take centre stage
Google Cloud unveiled its Cybersecurity Forecast for 2025, offering a detailed analysis of the emerging threat landscape and key security trends that organizations worldwide should prepare for. The report delivers insights into the tactics of cyber a.....»»
Researchers use high-resolution images to create model that predicts landslide risk in coastal areas
São Sebastião, a municipality on the coast of São Paulo state in Brazil that was partially cut off from the rest of the country in February 2023 after a period of torrential rain, had more than 1,000 landslide points, according to an inventory pro.....»»
Want to slash social housing waitlists? We should allow tenants to swap homes
There are 184,100 people on social housing waiting lists around the country, reflecting the impact of declining homeownership and escalating private rents......»»
Cequence Security enables organizations to elevate their API defenses
Cequence Security announced its new API Security Assessment Services. Designed to provide immediate, actionable insights into API security risks, these time-bound and fixed services leverage Cequence’s advanced Unified API Protection platform, enab.....»»
Splunk expands observability portfolio to provide organizations with deeper business context
Splunk announced innovations across its expanded observability portfolio to empower organizations to build a leading observability practice. These product advancements provide ITOps and engineering teams with more options to unify visibility across t.....»»
Syteca Account Discovery strengthens privileged access management
Syteca launched Account Discovery, a new feature within its Privileged Access Management (PAM) solution. This enhancement enables organizations to automatically detect and manage privileged accounts across their IT infrastructure, significantly reduc.....»»
Aerospace employees targeted with malicious “dream job” offers
It’s not just North Korean hackers who reach out to targets via LinkedIn: since at least September 2023, Iranian threat actor TA455 has been trying to compromise workers in the aerospace industry by impersonating job recruiters on the popular e.....»»
Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)
November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities.....»»
More evidence that Europe"s ancient landscapes were open woodlands: Study finds oak, hazel and yew were abundant
In 2023 a research group from Aarhus University in Denmark found that light woodland and open vegetation dominated Europe's temperate forests before Homo sapiens. In a new study, recently published in the Journal of Ecology, they take a closer look a.....»»
What can we expect at the COP29 Climate Conference?
With a climate-denialist re-elected as US president and another petrostate host (following Dubai in 2023)—hopes for ambitious outcomes at the 29th UN Climate Change "Conference of the Parties" (COP29) in Baku, Azerbaijan are not high......»»
Ars Live: Our first encounter with manipulative AI
On Nov. 19, join Benj Edwards and Simon Willison's live YouTube chat about the "Great Bing Chat Fiasco of 2023." In the short-term, the most dangerous thing about AI language mode.....»»
Massive troves of Amazon, HSBC employee data leaked
A threat actor who goes by the online moniker “Nam3L3ss” has leaked employee data belonging to a number of corporations – including Amazon, 3M, HSBC and HP – ostensibly compromised during the May 2023 MOVEit hack by the Cl0p r.....»»
Eurotech ReliaGATE 15A-14 enables organizations to meet regulatory standards
Eurotech launches ReliaGATE 15A-14, a cybersecure modular edge gateway designed to meet the growing demand for secure, flexible, and globally deployable IoT solutions. Built to support a wide range of applications, the ReliaGATE 15A-14 accelerates Io.....»»
Immersive Labs AI Scenario Generator improves cyber skills against various attack types
Immersive Labs introduced AI Scenario Generator. This new capability enables organizations to generate threat scenarios for crisis simulations to ensure their workforces are ready for the latest threats. By inputting a few short prompts, customers ca.....»»
Ambitious cybersecurity regulations leave companies in compliance chaos
While the goal of cybersecurity regulations is to bring order among organizations and ensure they take security and risks seriously, the growing number of regulations has also introduced a considerable set of challenges that organizations and their l.....»»
The public implications of private substitutes for electric grid reliability
Climate change events have, in recent years, placed increasing strain on public electrical grids in the United States. In response to this vulnerability, some consumers are turning to private alternatives to the electric utility, like generators and.....»»