January 2025 Patch Tuesday: Updates and Analysis
Actively Exploited Zero-Day Vulnerabilities in Windows Hyper-V NT Kernel Integration VSP
Windows Hyper-V NT Kernel Integration VSP received patches for CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335, which all have a severity of Important and a CVSS score of 7.8. These elevation of privilege (EoP) vulnerabilities allow an attacker who successfully exploits them to gain …
Security for Enterprise AI Adoption
Today, we are witnessing artificial intelligence radically reshape the way we do business. Last year, we published our Cisco AI Readiness Index, which provided critical insights into the state of enterprise AI adoption. In both our survey results and my own conversations with business leaders, a common trend was evident. Despite growing pressures to harness this …
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
Jan 15, 2025 | Ravie Lakshmanan | Malvertising / Malware
Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google. "The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and …
CrowdStrike Insider Risk Services Defend Against the Threats Within
Insider threats are among the most elusive and damaging forms of cybersecurity risk. According to the Ponemon Institute, 71% of organizations experienced between 21 and 41 insider incidents in 2023, up 67% over the previous year. The average annual cost of insider threats also climbed to $16.2 million per organization, the report found. Insider threats begin with …
Contributing to CISA’s JCDC AI Efforts
A few months ago this year, I wrote about an AI Security Incident tabletop exercise led by the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC). This exercise brought together industry leaders and government agencies. CISA used the insights gained from these exercises to develop an AI Security Incident Collaboration …
Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation
Jan 14, 2025 | Ravie Lakshmanan | Endpoint Security / Vulnerability
Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. The …
Navigate Cyber Threats with Cisco XDR: From Chaos to Clarity
In an era where cyber threats evolve at breakneck speed, organizations face unprecedented challenges in protecting their data, systems, and operations. The stakes have never been higher, with cyberattacks capable of disrupting critical services, compromising sensitive information, and inflicting severe financial and reputational damage. Cisco XDR (Extended Detection and …
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
Jan 13, 2025 | Ravie Lakshmanan | Vulnerability / Cloud Security
A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the weaponization of …
Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
Jan 11, 2025 | Ravie Lakshmanan | AI Security / Cybersecurity
Microsoft has revealed that it's pursuing legal action against a "foreign-based threat-actor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content. The tech giant's …
DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering
Jan 11, 2025 | Ravie Lakshmanan | Financial Crime / Cryptocurrency
The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating the cryptocurrency mixing services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were arrested on December 1, 2024, in coordination with the …