Apr 15, 2024 | Newsroom | Firewall Security / Vulnerability: Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize…
There are some sobering statistics on the impact of an attack. US small businesses paid over $16,000 in ransoms last year, according to the Hiscox Cyber Readiness 2023 report. “Ransomware is costing small businesses in a big way,” says Christopher Hojnowski, VP and product head of technology and cyber at Hiscox insurers, who works with…
Upcoming Speaking Engagements: This is a current list of where and when I am scheduled to speak: I’m speaking twice at RSA Conference 2024 in San Francisco. I’ll be on a panel on software liability on May 6, 2024 at 8:30 AM, and I’m giving a keynote on AI and democracy on May 7, 2024…
Elon Musk, the tech magnate behind Tesla and SpaceX, is facing legal challenges in Brazil. The Brazilian Supreme Court is investigating Musk for failing to comply with court orders. The nature of these court orders is not entirely clear, but they are likely connected to the January 8th mob attacks on Brazilian government buildings. This…
DuckDuckGo, the search engine known for its commitment to user privacy, has recently launched a new subscription service called Privacy Pro. Priced at $10 per month, Privacy Pro offers a comprehensive suite of privacy protection features designed to shield users from online tracking and data collection. The centerpiece of Privacy Pro is a no-log VPN…
Apr 13, 2024 | Newsroom | Cyber influence / Warfare: The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Friday announced sanctions against an official associated with Hamas for his involvement in cyber influence operations. Hudhayfa Samir ‘Abdallah al-Kahlut, 39, also known as Abu Ubaida, has served as the public spokesperson of Izz al-Din al-Qassam Brigades, the…
Apr 13, 2024 | Newsroom | Cryptocurrency / Regulatory Compliance: A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023…
Intel CEO Pat Gelsinger has made a bold prediction: the rise of AI will soon automate entire offices, potentially leading to the creation of what he calls “one-person, billion-dollar companies.” This vision highlights the rapidly increasing capabilities of artificial intelligence and the potential for radical transformation in the workplace. Intel, a major player in the…
Apr 13, 2024 | Newsroom: Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company’s Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work…
Apply appropriate mitigations provided for PAN-OS. Palo Alto plans to release an update for PAN-OS on 4/14. (M1051: Update Software, M1042: Disable or Remove Feature or Program) Safeguard 4.8: Uninstall or Disable Unnecessary Services on Enterprise Assets and Software: Uninstall or disable unnecessary services on enterprise assets and software, such as an unused file…