Top priorities for chief audit executives in 2023
The top focus areas for chief audit executives (CAEs) in 2023 are advancing data analytics, assuring proliferating digital risks, and talent management, according to Gartner.…
Month: July 2023
Zero-day deploys remote code execution vulnerability via Word documents
We take a look at reports of an exploit being deployed via booby trapped Word documents. An unpatched zero-day vulnerability is currently being abused in…
Ransomware review: July 2023
Following a three-month lull of activity, Cl0p returned with a vengeance in June and beat out LockBit as the month’s most active ransomware gang. This…
How new CVSS 4.0 framework is a game changer for cyber security industry
The Common Vulnerability Scoring System (CVSS) framework, which is used by cybersecurity experts and manufacturers to convey data about software vulnerabilities, is undergoing significant revisions.…
From Malvertising to Ransomware: A ThreatDown webinar recap
Get the low-down on our recent webinar From Malvertising to Ransomware. Our recent webinar From Malvertising to Ransomware highlight the clear connection between malvertising—the practice of embedding…
Apple re-released Rapid Security Response to fix recently disclosed zero-daySecurity Affairs
Apple re-released its Rapid Security Response updates for iOS and macOS after fixing browsing issues on certain websites caused by the first RSR. Apple has…
Cisco SD-WAN vManage impacted by unauthenticated REST API access
The Cisco SD-WAN vManage management software is impacted by a flaw that allows an unauthenticated, remote attacker to gain read or limited write permissions to…
Zimbra urges customers to manually fix actively exploited zero-daySecurity Affairs
Zimbra has released updates to address a zero-day vulnerability actively exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers. Zimbra urges customers to…
Fake Linux vulnerability exploit drops data-stealing malware
Cybersecurity researchers and threat actors are targeted by a fake proof of concept (PoC) CVE-2023-35829 exploit that installs a Linux password-stealing malware. Uptycs analysts discovered…
Flaws in Honeywell Experion DCS, Posing Risk to Critical Industries
These vulnerabilities, dubbed Crit.IX can allow unauthorized remote code execution on the Honeywell server and controllers’ legacy version. Security researchers at cybersecurity firm Armis and…
The Future of Generative AI and Security [2 Predictions]
Offensive AI Will Outpace Defensive AI In the short term, and possibly indefinitely, we will see offensive or malicious AI applications outpace defensive ones that…
Windows 11 23H2 coming this fall as a small enablement package
Microsoft announced today that the upcoming Windows 11, version 23H2, will be available in the fourth quarter of 2023 as an enablement package since it…