lemmydev2


CEO addresses whirlwind start to 2024 and how it plans to prevent a repeat

Ivanti has committed to adopting a secure-by-design approach to security as it gears up for an organizational overhaul in response to the multiple vulnerabilities in Connect Secure exploited earlier this year.…

 

Newly discovered HTTP/2 protocol vulnerabilities called "CONTINUATION Flood" can lead to denial of service (DoS) attacks, crashing web servers with a single TCP connection in some implementations. [...]

 

Crypto and other investment app scams promoted on YouTube targeted 100K users.

 

At least a dozen people sent suspicious messages, with senior figures suggesting foreign state could be culprit

A police investigation has been launched after MPs were apparently targeted in a “spear-phishing” attack, in what security experts believe could be an attempt to compromise parliament. A police force said it had started an inquiry after receiving a complaint from an MP who was sent a number of unsolicited messages last month.

 

Meanwhile, 36% were either neutral or disagreed that AI would play an important role in improving their cybersecurity.

 

Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of flaws is as follows -

CVE-2024-21894 (CVSS score: 8.2) - A heap overflow vulnerability in the IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an

 

Device Bound Session Credentials Tie Authentication Cookies to Specific Computers

Google is prototyping a method to stymie hackers who get around multifactor security by stealing authentication cookies from desktops. Google says its proposal for cryptographically tying authentication tokens to computers will succeed where previous attempts such as Token Binding failed.

 

A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says.

 

We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS. However, WordPress has become a massive player in e-commerce as well, thanks to the adoption of WooCommerce and other plugins that can easily turn a WordPress site into a fully-featured online store. This popularity also makes WordPress stores a prime target — and attackers are modifying their MageCart e-commerce malware to target a wider range of CMS platforms. Continue reading Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS at Sucuri Blog.

 

And Diameter, too, for good measure

The FCC appears to finally be stepping up efforts to secure decades-old flaws in American telephone networks that are allegedly being used by foreign governments and surveillance outfits to remotely spy on and monitor wireless devices.…

 

Hack Targeting Top Government Officials ‘Was Preventable,’ Scathing Report Says

The independent Cyber Safety Review Board published a scathing report that recommended an overhaul of Microsoft’s security infrastructure and said the tech giant’s operational and strategic decisions led to the successful Chinese hacking campaign targeting top U.S. government officials.

 

Irony alerts: Open Web Application Security Project Foundation suffers lapse

A misconfigured MediaWiki web server allowed digital snoops to access members' resumes containing their personal details at the Open Web Application Security Project (OWASP) Foundation.…
