The Fundamental Components to Achieving Shift-Left Success
“Shift-left” is a familiar concept to CISOs and security practitioners across the globe. A term coined to promote the integration…
Best Practices for Effective Privileged Access Management (PAM)
Privileged accounts are highly coveted targets for malicious attackers due to the extensive access they provide. According to the 2024…
‘Bootkitty’ First Bootloader to Take Aim at Linux
Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on…
Novel Exploit Chain Enables Windows UAC Bypass
Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really…
Apache fixes critical OFBiz remote code execution vulnerability
Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to…
Malware exploits 5-year-old zero-day to infect end-of-life IP cameras
The Corona Mirai-based malware botnet is spreading through a 5-year-old remote code execution (RCE) zero-day in AVTECH IP cameras, which…
Striking a Balance Between the Risks and Rewards of AI Tools
With all the recent hype, many may not realize artificial intelligence is nothing new. The idea of thinking machines was…
Ivanti warns of critical vTM auth bypass with public exploit
Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let…
Microsoft 365 anti-phishing feature can be bypassed with CSS
Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of…
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks
CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in…