Oracle Agile Vulnerability Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of a severe deserialization vulnerability (CVE-2024-20953) in Oracle Agile…
Month: February 2025
Avoiding vendor lock-in when using managed cloud security services
In this Help Net Security interview, Marina Segal, CEO at Tamnoon, discusses the most significant obstacles when implementing managed cloud security in hybrid and multi-cloud…
Uncovering a New Side-Channel Attack on Data Structures
Researchers at Graz University of Technology have uncovered a groundbreaking software-based side-channel attack, KernelSnitch, which exploits timing variances in Linux kernel data structures. Unlike hardware-dependent attacks,…
The CISO’s dilemma of protecting the enterprise while driving innovation
CISOs are constantly navigating the challenge of protecting their organizations while ensuring business agility and innovation. For example, as companies move workloads to the cloud…
SEC Launches CETU To Tackle Emerging Tech Scams
The Securities and Exchange Commission (SEC) has announced the launch of the Cyber and Emerging Technologies Unit (CETU), a dedicated team focused on addressing cyber-related…
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
Feb 25, 2025Ravie LakshmananNetwork Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle…
SonicWall authentication flaw under threat of active exploitation
Dive Brief: Security researchers warn a critical vulnerability in SonicWall’s SonicOS is under active exploitation. The flaw, listed as CVE-2024-53704, is an improper authentication vulnerability…
Proof-of-concept exploit released for 4 Ivanti vulnerabilities
Dive Brief: Horizon3.ai researchers on Wednesday released technical details and a proof-of-concept (PoC) exploit for four critical Ivanti vulnerabilities that were first disclosed and patched…
US authorities warn Ghost ransomware leverages older CVEs
Dive Brief: Federal authorities on Wednesday warned that Ghost ransomware has compromised organizations as recently as January by exploiting older vulnerabilities to attack internet-facing services…
SEC revamps cyber and crypto enforcement unit under Trump administration
Dive Brief: The Securities and Exchange Commission on Thursday unveiled a revamped anti-fraud unit to protect retail investors in emerging technologies, reflecting the Trump…
Cisco: Salt Typhoon used new custom malware in telecom attacks
Dive Brief: In research published Thursday on Salt Typhoon’s hacking campaign against telecom carriers, Cisco Talos said the Chinese state-sponsored threat group had gained access…
Global tech spend to approach $5 trillion this year: Forrester
Dive Brief: Global tech spend will grow 5.6% this year to $4.9 trillion, driven by investments in cybersecurity, cloud and generative AI technologies, according to Forrester.…