Apr 08, 2025Ravie LakshmananNetwork Security / Vulnerability Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. "An unverified password change vulnerability … [Read more...] about Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
News
The Evolution of Real-Time Cyber Defense
The traditional Intrusion Detection Systems (IDS) have depended on rule-based or signature-based detection, which are challenged by evolving cyber threats. Through the introduction of Artificial Intelligence (AI), real-time intrusion detection has become more dynamic and efficient. Today we’re going to discuss the various AI algorithms that can … [Read more...] about The Evolution of Real-Time Cyber Defense
Insight beyond annual risk using attack chain mapping
Thriving organizations maximally allocate resources. With seemingly infinite cybersecurity threats and finite resources, everyone needs to know the size of the threat to determine priority, and where to invest to maximize ROI. Elastic takes a quantified approach to cybersecurity risk management using FAIR to break threat scenarios into (A) likelihood and (B) losses to calculate … [Read more...] about Insight beyond annual risk using attack chain mapping
CrowdStrike Secures AI Development with NVIDIA
We’re excited to share that CrowdStrike Falcon® Cloud Security now offers enhanced tools to help secure artificial intelligence (AI) development, simplify AI security posture management, and quickly respond to AI threats. These updates have been developed in collaboration with NVIDIA since August 2024. As AI rapidly transforms how industries operate, it’s also creating new … [Read more...] about CrowdStrike Secures AI Development with NVIDIA
CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
Apr 07, 2025Ravie LakshmananMalware / Network Security Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) channel. "'Fast flux' is a technique used to obfuscate the locations of … [Read more...] about CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
Government cybersecurity: Consolidating tools and costs with AI & ML
Quantifying the economic impact of Elastic SecurityAs public sector organizations grapple with a changing economic and political landscape, the focus has increasingly turned to driving efficiencies, reducing costs, and strengthening resiliency. For government agencies tasked with spending taxpayer funds judiciously, leaders must balance risk management with total cost of … [Read more...] about Government cybersecurity: Consolidating tools and costs with AI & ML
Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, painting a picture of a "conflicted" individual straddling a legitimate career in cybersecurity and pursuing cybercrime. In a new extensive analysis published by Outpost24 KrakenLabs, the Swedish security company unmasked … [Read more...] about Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader. "These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, … [Read more...] about North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
How to guard against NFC carding theft
Payment card security is constantly improving, but attackers keep finding new ways to steal money. In days gone by, having tricked the victim into handing over card credentials on a fake online store or through another scam, cybercriminals would make a physical duplicate card by writing the stolen data onto a magnetic stripe. Such cards could then be used in stores and even at … [Read more...] about How to guard against NFC carding theft
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Apr 04, 2025Ravie LakshmananVulnerability / Open Source, The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. "The attackers obtained initial access by taking advantage … [Read more...] about SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack