The vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, affect fully patched Internet-facing Ivanti Connect Secure VPN appliances (formerly known as Pulse Secure) and were caught during in-the-wild zero-day exploitation. Ivanti, a company that has struggled with major security problems, released pre-patch mitigations for the new vulnerabilities but said comprehensive fixes will be released on a staggered…

The European Union adopted a regulation on mandatory cyber hygiene intended to beef up cybersecurity at EU government agencies amid concerns that trading bloc institutions have failed to keep pace with mounting digital threats. Proposed by the European Commission in 2022, the Cybersecurity Regulation lays down uniform cyber compliance requirements for EU institutions, bodies, offices…

January isn’t traditionally the lightest month on patch managers’ calendars, so a second month of (relatively) few Microsoft releases is a bit of a treat. On Tuesday the company released 48 CVEs, including 38 for Windows. Eight other product groups or tools are also affected. Of the CVEs addressed, just two are considered Critical in…

Financial terms of the acquisition were not released but published reports out of Israel peg the price tag as “several tens of millions of dollars.” The private equity-owned Delinea, formed in April 2012 through the merger of Centrify and Thycotic, said the deal extends its reach into the lucrative identity category and adds technology to…

The account of Mandiant, which is part of Google Cloud, was renamed to ‘Phantom’ and its profile image and description were updated to appear affiliated with the legitimate Phantom cryptocurrency wallet. Messages posted on the hijacked account promoted a website hosted at claim-phntm.com, which claimed to distribute cryptocurrency tokens through an airdrop. In reality, the…

Distributed denial-of-service (DDoS) attacks are a year-round threat. However, as many security practitioners can attest, DDoS attacks are particularly prolific during high-traffic times like the holiday season. The holidays are typically a time when organizations have reduced resources, with staff taking vacation and fewer cyber resources dedicated to monitoring networks and applications. Cybercriminals often take…

Google is settling a class-action lawsuit over how it tracks data from individuals using browsers in “private” or “incognito” mode. The plaintiffs in Brown et al v. Google LLC alleged that Google violated US federal laws regarding wiretapping and invasion of privacy, by continuing to track, collect, and identify browsing data from users of “Incognito…