Application securityAfter a 19-month saga, Broadcom finally patches Brocade SANnav bugsSteve ZurierApril 25, 2024Security pros say given the complexity of SAN management tools, it’s understandable the patches took so long.
Network SecurityCisco firewalls targeted in sophisticated nation-state espionage hackSimon HenderyApril 25, 2024Security agencies sound alarm over campaign aimed at Cisco’s Adaptive Security Appliance software.
Network SecurityCoralRaider leverages CDN cache domains in new infostealer campaignLaura FrenchApril 24, 2024A new CryptBot variant targets password managers and authentication apps in the new campaign.
Vulnerability ManagementGoogle patches critical type-confusion flaw in Chrome browserSteve ZurierApril 24, 2024Security pros say there’s a high potential that attackers could launch arbitrary code execution.
Network SecurityElusive group ToddyCat refines techniques for large-scale data theftSimon HenderyApril 24, 2024The stealthy threat group is particularly focused on exfiltrating data from Asia-Pacific government and defense organizations.
AI/MLTensorFlow AI models at risk due to Keras API flawLaura FrenchApril 23, 2024Arbitrary code in Lambda Layers may be unsafely executed in older versions of Keras.
RansomwareA ‘substantial proportion’ of Americans exposed in Change Healthcare cyberattackSteve ZurierApril 23, 2024Change Healthcare owner UnitedHealth Group acknowledges some customer protected health information leaked on dark web.
Network SecurityRussian group exploits Windows print spooler bug via ‘GooseEgg’ malwareSimon HenderyApril 23, 2024Microsoft says the launcher application is unique to Russia’s APT28 threat group and can lead to remote code execution.
Network Security6.2K Palo Alto firewalls still at risk as exploits increaseLaura FrenchApril 22, 2024Proof-of-concept exploits for CVE-2024-3400 are now publicly available.
Network SecurityMITRE research and prototyping network breached via Ivanti zero-daysSteve ZurierApril 22, 2024Security pros say while the target was an unclassified network, the research it manages on emerging technologies could be of interest to adversaries.