Security News

Ivanti fixed a critical remote code execution vulnerability in its Endpoint Management software that can let unauthenticated attackers hijack enrolled devices or the core server. Ivanti EPM helps manage client devices running a wide range of platforms, from Windows and macOS to Chrome OS and IoT operating systems.

Miscreants took over security giant Mandiant's Twitter account for several hours on Wednesday in an attempt to steal cryptocurrency, then trolled the Google-owned security shop, telling its admins to change the password. "We are aware of the incident that impacted the Mandiant X account and are conducting a thorough investigation," a spokesperson told The Register.

The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped almost all systems on the telecom operator's network. Following the incident, Kyivstar's CEO and the SSU suggested that Russian hackers may have been involved, given the ongoing conflict between Ukraine and Russia.

Intel and the global investment firm DigitalBridge Group have formed an independent generative AI software stack company, Articul8 AI, Inc.; Intel announced the new company on Jan. 3. Articul8 will work with Intel and provide solutions for organizations that wish to build and deploy generative AI. Articul8's product and capabilities.

Hackers are increasingly targeting verified accounts on X belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams. MalwareHunterTeam has been tracking this type of activity on X lately and reported several notable examples of compromised "Gold" and "Grey" accounts.

23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps. The letter, which was first reported by TechCrunch, read: "As set forth in 23andMe's October 6, 2023 blog post, 23andMe believes that unauthorized actors managed to access certain user accounts in instances where users recycled their own login credentials - that is, users used the same usernames and passwords used on 23andMe.com as on other websites that had been subject to prior security breaches, and users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe. Therefore, the incident was not a result of 23andMe's alleged failure to maintain reasonable security measures under the CPRA.".

The best antivirus software scans and detects malware and protects against viruses and other malicious files designed to compromise company data. In this article, I've listed nine of the best antivirus software for businesses in 2024, including their standout features and how you can choose the right antivirus solution for your business.

A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500. The post was spotted by threat intelligence company KELA and while the legitimacy of the offer has not been validated, the screenshots from the seller indicate that the package is real. The seller of the Zeppelin source code and builder uses the handle 'RET' and clarified that they did not author the malware but simply managed to crack a builder version for it.

The U.S. Federal Trade Commission has started accepting submissions for its Voice Cloning Challenge, a public competition with a $25,000 top prize for ideas that protect consumers from the danger of AI-enabled voice cloning for fraudulent activity. AI can be used to clone someone's voice by analyzing an audio clip of the target speaking to extract unique vocal characteristics and then using the training data to generate new speech.

A weak password exposed by infostealer malware is being blamed after a massive outage at Orange Spain disrupted around half of its network's traffic. The malware had infected the account of an Orange Spain employee.