Security News > 2024 > March

GitHub introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding. Known as Code Scanning Autofix and powered by GitHub Copilot and CodeQL, it helps deal with over 90% of alert types in JavaScript, Typescript, Java, and Python.

Ivanti has fixed a critical RCE vulnerability in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. The vulnerability affects all supported version of Ivanti Standalone Sentry as well as older, unsupported ones.

US government is urging state officials to band together to improve the cybersecurity of the country's water sector amid growing threats from foreign adversaries. The Environmental Protection Agency announced it is seeking to establish a Water Sector Cybersecurity Task Force to beef up current work to implement "Immediate" solutions to prevent one of the US's most critical services from disruption.

MFA software solutions provide multi-factor authentication for individual end-users, organizational workforces and customer-facing applications. Software Solution category Authentication types Hosting options Pricing Google Authenticator Individual MFA Mobile app, software token, mobile push, risk-based Cloud-based Free Cisco Duo Workforce MFA Mobile app, software token, hardware token, mobile push, WebAuthn, biometric Cloud-based Free MFA for up to 10 users; plans start at $3/user/month.

Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers. Ivanti also fixed a second critical vulnerability in its Neurons for ITSM IT service management solution that enables remote threat actors with access to an account with low privileges to execute commands "In the context of web application's user."

Cybersecurity attacks are inevitable for modern businesses. It is vital that businesses deploy countermeasures to mitigate the damage these attacks cause.

Reports of the breach suggest one member of staff at the famous hospital was caught attempting to view notes for Kate Middleton, the future Queen of the United Kingdom. We have systems in place to monitor management of patient information and, in the case of any breach, all appropriate investigatory, regulatory and disciplinary steps will be taken.

UK bakery chain Greggs is the latest victim of recent point of sale system outages that forced store closures at large retail chains over the past few weeks. Greggs is a bakery chain with 2,300 branches across the UK, selling sausage rolls, baked goods, sandwiches, and sweets.

Cyber security company Proofpoint recently surveyed 7,500 employees and 1,050 security professionals in 15 countries, including Australia, Japan, South Korea and Singapore. Employees in the Asia-Pacific region were the most likely among global employees surveyed to say they were unsure about their personal responsibility for cyber security.

A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk....