Security News > 2024 > April

Ivanti has committed to adopting a secure-by-design approach to security as it gears up for an organizational overhaul in response to the multiple vulnerabilities in Connect Secure exploited earlier this year. CEO Jeff Abbott penned an open letter to Ivanti's customers and partners this week, saying "Events in recent months have been humbling," before detailing the various changes Ivanti plans to make.

New research from cyber security firm Rapid7 has shown the ransomware attacks that IT and security professionals are up against in APAC are far from uniform, and they would be better off tapping intelligence that sheds light on attack trends in their specific jurisdiction or sector.

Texas-based Omni Hotels & Resorts has been responding to a cyberattack that started last Friday, which resulted in the unavailability of many of its IT systems. According to people staying at some of the 50 properties the company operates across Northern America, who took to Reddit to vent and discuss the problem, the outage affected reservation and check-in systems, room key cards, and payment systems.

Today's malware is not just about causing immediate damage; some programs get embedded within systems to siphon off data over time, disrupt operations strategically, or lay the groundwork for massive, coordinated attacks. Read on to get the lowdown on recent high-profile malware attacks along with strategies to help limit malware risks at your organization.

Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure, some of which could also lead to execution of arbitrary code or information disclosure. Three months since attackers started exploiting a string of zero-days in Ivanti Connect Secure and bypassing mitigations for them, the company's CEO has announced they will be accelerating security initiatives and improving security practices.

TL;DR: Through April 7th only, you can get a lifetime subscription to RealVPN for just $16 when you use promo code SECURE20. Hackers and snoops on public networks can gain access to your private information, which is why it's crucial to use a base layer of cybersecurity like a VPN.

Explore the best password managers for Android devices that offer secure storage and easy access to your passwords. Find out which one suits your needs best.

New research has unveiled a vulnerability within the HTTP/2 protocol, known as HTTP/2 CONTINUATION Flood, that allows for denial-of-service (DoS) attacks. This issue, discovered by security researcher Bartek Nowotarski and reported to CERT/CC on January 25, 2024, arises from improper handling of CONTINUATION frames—a component used to transmit extended header lists within a single stream. CERT/CC's advisory highlights that attackers exploiting this vulnerability could send continuous CONTINUATION frames without concluding them with an END_HEADERS flag, leading to potential server crashes or significant performance drops due to out-of-memory conditions or CPU exhaustion.

This is applications, so it is not because I've nuked state in a browser. It is applications for services for which I am paying money.
