(Credit: Rafael Henrique – stock.adobe.com)

Palo Alto Networks PAN-OS critical 0-day exploited; no patch yet

Laura FrenchApril 12, 2024

The max severity (CVSS 10) bug enables command injection through the GlobalProtect feature.

Organizations tackling multi-cloud security amidst misconfigurations and poor visibility

PODCASTS

RESOURCES

FEATURED

Call for 2024 SC Awards nominations

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

AI/ML

AI-generated code potentially used in new Rhadamanthys campaign

Laura FrenchApril 12, 2024

A PowerShell script used to deploy the infostealer contains unusually specific comments, researchers say.

Cyber attack deepfake attack. Vulnerability text in binary system

Identity

LastPass thwarts attempt to deceive employee with deepfake audio

Steve ZurierApril 12, 2024

While the employee did not fall for the scam, LastPass took the incident as an opportunity to spread awareness about deepfakes.

Ransomware

LockBit copycat DarkVault spurs rebranding rumor

Laura FrenchApril 11, 2024

Several impersonators have used LockBit’s branding and leaked builder in their attacks.

Identity

Sisense customers told to reset credentials amid supply chain attack fears

Steve ZurierApril 11, 2024

While details of the breach are limited, CISA sends alert after security researchers discover compromise.

Stethoscope on the silver computer keyboard-blockchain data encryption

Ransomware

Ransomware gang steals 534,000 records from Wisconsin healthcare provider

Simon HenderyApril 11, 2024

The BlackSuit group claimed responsibility for an attack on Group Health Cooperative of South Central Wisconsin.

(Credit: monticellllo – stock.adobe.com)

Network Security

Fortinet patches FortiClientLinux critical RCE vulnerability

Laura FrenchApril 10, 2024

The vulnerability is due to a “dangerous nodejs configuration” and has a CVSS score of 9.4.

Cloud technology and Data storage concept, Concept of Exchange information and data with internet cloud technology. FTP(File Transfer Protocol) files receiver.

Network Security

Raspberry Robin observed spreading via Windows Script Files

Steve ZurierApril 10, 2024

The HP Threat Research team says security pros should take note because Raspberry Robin has been used to deliver multiple families of malware – and as a precursor to ransomware.

Network Security

Microsoft fixes a record 147 bugs in April release of Patch Tuesday

Simon HenderyApril 10, 2024

This month’s bumper crop of patches includes two Microsoft didn’t initially acknowledge were being exploited in the wild.

Palo Alto Networks PAN-OS critical 0-day exploited; no patch yet

Organizations tackling multi-cloud security amidst misconfigurations and poor visibility

PODCASTS

RESOURCES

FEATURED

Call for 2024 SC Awards nominations

Get daily email updates

Perspectives

Is AI-Generated code safe?

Seven ways to prepare for the new CISA CIRCIA rules

How BEC attacks are evolving in the AI era

VPN is dead, long live VPN!

What security agencies, regulators, and businesses get wrong about cybersecurity

In Brief

Airgap Networks purchased by Zscaler

Persistent gender gap in cyber compensation shrinking

Third-party data sharing done by most US hospital websites

Cyberattack volumes peak in first quarter

Hunters International demands $10M from Hoya

More Resources

Active adversary dwell time: The good (and bad) news

Hunter-killer malware: How to prevent it from undermining security controls

Fighting active adversaries: The need for dynamic defenses

Adversarial evolution: How defenders must also evolve

Using MITRE ATT&CK framework to thwart active adversaries

AI-generated code potentially used in new Rhadamanthys campaign

LastPass thwarts attempt to deceive employee with deepfake audio

LockBit copycat DarkVault spurs rebranding rumor

Sisense customers told to reset credentials amid supply chain attack fears

Ransomware gang steals 534,000 records from Wisconsin healthcare provider

Fortinet patches FortiClientLinux critical RCE vulnerability

Raspberry Robin observed spreading via Windows Script Files

Microsoft fixes a record 147 bugs in April release of Patch Tuesday

EVENTS

Identity security and user experience – there shouldn’t be a trade-off

Beyond IAM: Achieving true identity security

Securing Complex OT Environments

Cloud security: Fixing what broke during the “great migration”

Common-sense security: The case for unified SASE as a service

Cybersecurity News, Awards, Webinars, eSummits, Research

Palo Alto Networks PAN-OS critical 0-day exploited; no patch yet

Organizations tackling multi-cloud security amidst misconfigurations and poor visibility

PODCASTS

RESOURCES

FEATURED

Call for 2024 SC Awards nominations

Get daily email updates

Perspectives

Is AI-Generated code safe?

Seven ways to prepare for the new CISA CIRCIA rules

How BEC attacks are evolving in the AI era

VPN is dead, long live VPN!

What security agencies, regulators, and businesses get wrong about cybersecurity

In Brief

Airgap Networks purchased by Zscaler

Persistent gender gap in cyber compensation shrinking

Third-party data sharing done by most US hospital websites

Cyberattack volumes peak in first quarter

Hunters International demands $10M from Hoya

More Resources

Active adversary dwell time: The good (and bad) news

Hunter-killer malware: How to prevent it from undermining security controls

Fighting active adversaries: The need for dynamic defenses

Adversarial evolution: How defenders must also evolve

Using MITRE ATT&CK framework to thwart active adversaries

AI-generated code potentially used in new Rhadamanthys campaign

LastPass thwarts attempt to deceive employee with deepfake audio

LockBit copycat DarkVault spurs rebranding rumor

Sisense customers told to reset credentials amid supply chain attack fears

Ransomware gang steals 534,000 records from Wisconsin healthcare provider

Fortinet patches FortiClientLinux critical RCE vulnerability

Raspberry Robin observed spreading via Windows Script Files

Microsoft fixes a record 147 bugs in April release of Patch Tuesday

EVENTS

Identity security and user experience – there shouldn’t be a trade-off

Beyond IAM: Achieving true identity security

Securing Complex OT Environments

Cloud security: Fixing what broke during the “great migration”

Common-sense security: The case for unified SASE as a service