Security News

In today's fast-evolving digital landscape, cybersecurity has become a cornerstone of organizational resilience. As cyber threats grow increasingly sophisticated, the demand for skilled...

Service accounts are non-human identities used to automate machine-to-machine interactions. They support critical functions – such as running scripts, services, and applications like websites,...

Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of...

Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals. [...]

Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways and change the password of any user on its Smart Software Manager On-Prem license servers. Cisco Secure Email Gateways aim to protect businesses against emails laden with malware, malicious links and scams, and against exfiltration of sensitive data via email.

Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919, the issue impacts CloudGuard...

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code execution flaw the vendor addressed earlier this week. The flaw is tracked as CVE-2024-21894 and is a high-severity heap overflow in the IPSec component of Ivanti Connect Secure 9.x and 22.x, potentially allowing unauthenticated users to cause denial of service or achieve RCE by sending specially crafted requests.

While Ivanti said the remote code execution risks are limited to "Certain conditions," the company didn't provide details on the vulnerable configurations. "We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure," Ivanti added.

The Five Eyes (FVEY) intelligence alliance has issued a new cybersecurity advisory warning of cyber threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure...