Ivanti Connect Secure, formerly known as Pulse Connect Secure, has been found to have two zero-day vulnerabilities, namely CVE-2023-46805 and CVE-2024-21887, which were exploited by threat actors …
Apple Patches Keystroke Injection Vulnerability in Magic Keyboard
Apple has released firmware updates for its Magic Keyboard to address a vulnerability that could allow attackers to inject keystrokes over Bluetooth. The vulnerability, disclosed by SkySafe software …
New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise
Security researchers at Praetorian have disclosed a class of Continuous Integration/Continuous Deployment (CI/CD) attacks that could have allowed attackers to inject malicious code into the PyTorch …
It’s 2024. Time to Have Attribution Standards in Cyberspace
A recent article raised the question of whether North Korea was actually the perpetrator of the cyber attacks against Sony Pictures in December 2014. Despite the difficulties typically …
China Says State-Backed Experts Crack Apple’s AirDrop
The Beijing municipal government revealed that experts in China have devised a method to identify users of Apple's encrypted AirDrop service, allowing access to phone numbers and email accounts. The …
Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report
The Dutch newspaper De Volkskrant's investigation revealed a Dutch engineer recruited by the Netherlands' intelligence services, the AIVD, likely played a role in deploying the Stuxnet malware at an …
Kyocera Device Manager Vulnerability Exposes Enterprise Credentials
Kyocera Device Manager, a management tool for Kyocera printers and multifunction devices, was found to have a vulnerability (CVE-2023-50916) allowing attackers to manipulate paths and potentially …
Anecdotes Raises $25 Million for Enterprise GRC Platform
Anecdotes, an enterprise governance, risk management, and compliance (GRC) solutions provider, secured $25 million in a Series B funding round led by Glilot Capital Partners, with contributions from …
Vigilant Ops Raises $2 Million for SBOM Management Platform
Vigilant Ops, a cybersecurity startup, secured a $2 million seed investment from DataTribe to enhance its software bills of materials (SBOMs) management platform. Founded in 2019, the Pittsburgh-based …
Nigerian Arrested, Charged in $7.5 Million BEC Scheme Targeting US Charities
Olusegun Samson Adejorin, a Nigerian national, faces charges in the US for his role in a business email compromise (BEC) scheme involving two charitable organizations. Between June and August 2020, …