Security News

Microsoft Outlook December updates trigger ICS security alerts
2024-02-05 22:03

Microsoft is investigating an issue that triggers Outlook security alerts when trying to open .ICS calendar files after installing the December 2023 Patch Tuesday Office security updates.

Ivanti devices hit by wave of exploits for latest security hole
2024-02-05 20:45

Ivanti first disclosed the newest bug in the SAML component of Ivanti Connect Secure and Ivanti Policy Secure appliances on January 31. "At the time of publication, the exploitation of CVE-2024-21893 appears to be targeted. Ivanti expects the threat actor to change their behavior and we expect a sharp increase in exploitation once this information is public - similar to what we observed on 11 January following the 10 January disclosure," Ivanti warned last week.

US announces visa ban on those linked to commercial spyware
2024-02-05 20:26

Secretary of State Antony J. Blinken announced today a new visa restriction policy that will enable the Department of State to ban those linked to commercial spyware from entering the United States. "The State Department is implementing a new policy today that will allow the imposition of visa restrictions on individuals involved in the misuse of commercial spyware," Blinken said.

Ignore Uncle Sam's 'voluntary' cybersecurity goals for hospitals at your peril
2024-02-05 19:30

Interview: If you are responsible for infosec at a US hospital or other healthcare organization, and you treat the government's new "voluntary" cybersecurity performance goals as, well, voluntary, you're ignoring the writing on the wall. "If you buy into the fact that voluntary doesn't mean you have to do something, you are probably going to be wrong. Voluntary goals become mandatory, and that has usually been the case with other rulemaking in healthcare as it relates to security."

HPE investigates new breach after data for sale on hacking forum
2024-02-05 18:33

Hewlett Packard Enterprise is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. IntelBroker, the threat actor selling the alleged HPE data, shared screenshots of some of the supposedly stolen HPE credentials but has yet to disclose the source of the information or the method used to obtain it.

AnyDesk revokes signing certs, portal passwords after crooks sneak into systems
2024-02-05 18:30

AnyDesk has copped to an IT security "incident" in which criminals broke into the remote-desktop software maker's production systems. "We have revoked all security-related certificates and systems have been remediated or replaced where necessary," AnyDesk said.

Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering
2024-02-05 16:36

A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed...

Deepfake Fraud
2024-02-05 16:10

B.J. Herbison February 5, 2024 11:36 AM. Was the call recorded? On the call we have a bunch of scammers and one person who says "The deepfakes were great, I was fooled." and sends the money. The "Worried about a phishing email" might be just posturing.

Newest Ivanti SSRF zero-day now under mass exploitation
2024-02-05 15:55

An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers. The exploitation volume of this particular vulnerability is far greater than that of other recently fixed or mitigated Ivanti flaws, indicating a clear shift in the attackers' focus.

Deepfaked video conference call makes employee send $25 million to scammers
2024-02-05 14:46

A deepfake video conference call paired with social engineering tricks has led to the theft of over US$25 million from a multinational firm, the South China Morning Post has reported. They have been later quelled by a group video conference to which the employee was invited.