Supply chain managers underestimate cybersecurity risks in warehouses

32% of warehouse respondents report that social engineering is one of the most-used entry points in warehouse cyberattacks – tied with software vulnerabilities (32%) and followed by devices (19%), according to Ivanti. Cyberattacks on warehouses threate… Continue reading Supply chain managers underestimate cybersecurity risks in warehouses

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities (… Continue reading Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

November 2024 Patch Tuesday forecast: New servers arrive early

Microsoft followed their October precedent set with Windows 11 24H2 and announced Microsoft Server 2025 on the first of November. We were expecting the official announcement at Microsoft Ignite near the end of the month, but with the early release, ear… Continue reading November 2024 Patch Tuesday forecast: New servers arrive early

Infosec products of the month: October 2024

Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Balbix, BreachLock, Commvault, Dashlane, Data Theorem, Edgio, ExtraHop, Fastly, Frontegg, GitGuardian, IBM, Ivanti, Jumio, Kusari, Legit Security, Met… Continue reading Infosec products of the month: October 2024

October 2024 Patch Tuesday forecast: Recall can be recalled

October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. The preview versions of this release have been in the news due to many innovations and one controversial feature. Windows 11 24H2 and Microsoft Recall This O… Continue reading October 2024 Patch Tuesday forecast: Recall can be recalled

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)

CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited Vul… Continue reading Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)

15% of office workers use unsanctioned GenAI tools

Rigid security protocols — such as complex authentication processes and highly restrictive access controls — can frustrate employees, slow productivity and lead to unsafe workarounds, according to Ivanti. Understanding workplace behavior key to strengt… Continue reading 15% of office workers use unsanctioned GenAI tools