Security News > 2024 > February

CVE-2024-21893, a server-side request forgery vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure, is being exploited by attackers.Its existence, along with that of CVE-2024-21888, a privilege escalation vulnerability affecting the same Ivanti Connect Secure and Policy Secure versions, was revealed by Ivanti in late January.

A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse...

The commercial spyware economy - despite government and big tech's efforts to crack down - appears to be booming. The US government added commercial spyware makers Intellexa and Cytrox to its Entity List, after placing similar export restrictions on NSO Group in 2021.

Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This [computer network] was used for unclassified...

According to recent surveys, 98% of organizations keep their financial, business, customer and/or employee information in the cloud but, at the same time, 95% of cloud security professionals are not sure their security protections and their team would manage to detect and respond to security threats or incidents affecting their cloud infrastructure. Cloud misconfiguration errors may grant attackers unauthorized access to system functions and sensitive data, and have the potential to harm the integrity and security of the organization's cloud.

Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. "Easy to use from the command line with simple, understandable output, Prowler offers standard reporting formats like CSV and JSON, enabling users to thoroughly examine findings across any cloud provider, all in a uniform format. Its seamless integrations with Security Hub and S3 facilitate easy incorporation with other SIEMs, databases, and more. The ability to write custom checks and develop custom security frameworks is crucial for our expanding community," Toni de la Fuente, the creator of Prowler, told Help Net Security.

JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors...

Security teams often operate in a silo, detached from the soft, human parts of the business like sales and marketing, which can lead to overlooking potential attack vectors that are evident from a business standpoint. In essence - learn the business to attack the business.

Threat actors aren't looking for companies of specific sizes or industries, they are looking for opportunities. Given that many companies operate in the dark and overlook breaches until ransomware attacks occur, this makes the threat actors' job easy.

Despite 57% of interviewed organizations reporting significant security incidents, over 70% of organizations reported better performance on cybersecurity key performance indicators, such as mean time to detect, investigate, respond, and remediate in 2023 as compared to 2022, and 90% believe they have good or excellent ability to detect cyberthreats. "While we aren't surprised by the contradictions in the data, our study in partnership with IDC further opened our eyes to the fact that most security operations teams still do not have the visibility needed for overall security operations success. Despite the varied TDIR investments they have in place, they are struggling to thoroughly conduct comprehensive analysis and response activities," said Steve Moore, Exabeam Chief Security Strategist.