Fortinet has revealed a critical zero-day vulnerability, CVE-2024-55591, affecting its FortiGate firewalls and FortiOS systems, which allows unauthenticated remote attackers to gain super-admin privileges and execute unauthorized code.
Research by Secureworks CTU reveals that Nickel Tapestry, a North Korean threat actor, orchestrated a fraudulent IndieGoGo campaign in 2016, raising $20,000 under false pretenses as part of a broader strategy to engage in various illicit money-making schemes.
A collaborative operation led by the US Department of Justice and French authorities, in partnership with cybersecurity firm Sekoia.io, has successfully eradicated the PlugX malware, a remote access Trojan linked to the Chinese hacking group Mustang Panda, from thousands of computers worldwide.
Cybersecurity experts warn that the recently discovered CVE-2024-44243 vulnerability in macOS enables local attackers with root privileges to bypass System Integrity Protection, potentially leading to severe security breaches.
In 2024, browser-based cyber threats have significantly increased, with drive-by downloads and malicious advertisements becoming prevalent, while traditional email-based malware delivery has declined.
The Biden-Harris Administration has unveiled an Interim Final Rule aimed at enhancing national security by regulating the export of advanced computing chips and AI model weights while promoting responsible global diffusion of AI technology.
Microsoft’s January 2025 Patch Tuesday update addresses 159 vulnerabilities, including critical flaws in Windows Remote Desktop Services and Microsoft Outlook, with several actively exploited vulnerabilities requiring immediate attention.
Barings Law is representing 15,000 claimants in a class action lawsuit against Google and Microsoft, accusing them of unauthorized use of personal data to train AI models without user consent.
Critical national infrastructure providers have achieved notable reductions in remediation times for known exploited vulnerabilities, with a 50% decrease for critical-severity issues and a 25% decrease for high-severity issues since 2022, despite a rising threat landscape marked by increased ransomware attacks.
The World Economic Forum report highlights that the increasing complexity of the cyber landscape exacerbates disparities between developed and emerging economies, with significant impacts on organizational resilience and a growing cyber skills gap.
