CISA warns of critical Palo Alto Networks bug exploited in attacks

CISA recently warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configurations from Check Point, Cisco, and other vendors to PAN-OS. This security flaw, tracked as CVE-2024-5910, was patched in July, and threat actors can remotely exploit it to reset application admin credentials on Internet-exposed Expedition…


Raising Cyber Awareness during the Cybersecurity Awareness Month

Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month. This was done so that the public and private sectors could work together to raise awareness about the importance of cybersecurity. Over the years it has grown into a collaborative effort between…


Expert Warns of ‘Little Mermaid’ AI Scam: How To Protect Your Voice from Theft; Mukesh Choudhary, Co-founder & CTO of Finoit

How to Protect Yourself and Your Loved Ones From Falling Victim to One of the Most Brutal AI Scams. Imagine a heart-stopping moment: a mother picks up her phone to hear her daughter’s voice, choked with sobs, whispering, “Mom, I messed up.” Panic sets in as a gruff male voice takes over, demanding a staggering…


Stronger IT-OT Strategies & Proactive Security Measures Essential to Protect National Infrastructure from Cyber Threats: Nantha Ram Ramalingam

Nantha Ram Ramalingam is the Global Head of Cybersecurity for Manufacturing, Supply Chain, and Retail at Dyson Technology India Pvt Ltd. With over 15 years of experience in cybersecurity leadership, he is an expert in driving organizations to adopt robust security frameworks through strategic planning, secure system design, and effective risk management. His diverse…


Gene Yoo, CEO of Resecurity on Terror Activity via Cyberspace – Precursor to Olympics & Elections

According to a recent assessment by Resecurity, terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks, as well as to conduct recruitment and establish anonymous…


Global Checkmarx study reveals 63% of participating organisations have fallen victim to a software supply chain attack in past 2 years

As open source software grows to represent an ever-increasing percentage of enterprise application code, application security (AppSec) leaders and developers are challenged to mitigate the risk of falling victim to the weaponization of such packages by threat actors. Reporting on current open source AppSec practices and problems, Checkmarx, the industry leader in cloud-native application security for…


Anshul Gupta; On Governance, Risk & Compliance

This interview has been attributed to Anshul Gupta. Anshul S Gupta is a seasoned cybersecurity leader with over 18 years of experience. He has been recognized for his expertise in threat and incident management, security compliance, and risk management. Anshul has spearheaded strategic cybersecurity initiatives and complex cyber transformation projects across diverse industries. Anshul has…


SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks

Cybersecurity researchers have uncovered security shortcomings in the SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. “The vulnerabilities we found could have allowed attackers to access customers’ data…


Cybersecurity researchers of CloudSEK uncover rise in Investment scams on Social media

Investment scams primarily operate through social media and messaging platforms like WhatsApp and Telegram. CloudSEK found a surge in malicious content on these platforms: over 29,000 fraudulent ads on Facebook and 81,000 fake investment groups on WhatsApp. The in-depth report exposes a troubling rise in investment scams targeting individuals in…


Water Sigbin Hackers Exploit Oracle WebLogic Vulnerabilities

Cybersecurity researchers uncovered a sophisticated attack campaign by the Water Sigbin (aka 8220 Gang) threat actor that exploited vulnerabilities in the Oracle WebLogic Server, notably CVE-2017-3506 and CVE-2023-21839, to deploy the XMRig cryptocurrency miner on compromised systems. The attack begins with the threat actor exploiting the WebLogic vulnerabilities to execute a malicious PowerShell script on the victim…
