About the Vulnerability
On January 8, Ivanti disclosed two critical vulnerabilities affecting its Connect Secure, Policy Secure, and Neurons for Zero Trust Access (ZTA) gateway devices. These flaws include:
- CVE-2025-0282: A stack-based buffer overfl
The rapidly evolving expectations of cybersecurity are pushing CISOs to adapt and demonstrate greater value to their organizations. This session explores the changing role of the CISO heading into 2025, strategies for managing increasing expectations
I didn’t see much visibility on this DocuSign hack. This is a situation where the product features were not vetted to understand if they could be misused by malicious fraudsters. There is not a technical vulnerability, it comes down to a design weakn
CISA has raised the alarm about the recently discovered CVE-2024-5910 in Palo Alto Networks’ Expedition tool. This vulnerability is being actively exploited, leaving organizations scrambling to secure their systems before attackers take advantage.
B
As per the SEBI circular "SEBI/HO/ ITD-1/ITD_CSC_EXT/P/CIR/2024/113" dated 20 Aug 2024, it is mandatory for all MIIs and Qualified REs to be compliant with the below DE.DP.S4 CART guidelines.
SEBI’s CART Requirement (SEBI/HO/ ITD-1/ITD_CSC_EXT/P/CIR/202
The Gartner Hype Cycle 2024 shows how existing technologies have been integrated into broader platforms for more comprehensive exposure management.
Key changes in Gartner Hype Cycle 2024:
Exposure Assessment Platforms now include both:
The arms race continues between those attempting to detect GenAI-created content and those who want to keep their origins concealed. For example, detecting if ChatGPT was employed to write content, such as academic papers. According to reports, OpenA
Cyber Security has rapidly evolved by including AI-driven tools like Generative Pre-trained Transformers (GPTs). Here's an overview of the impactful cyber security GPTs that might be helpful for Chief Information Security Officers (CISOs) and their s
This blog discusses essential questions that organizations should consider when evaluating potential EASM vendors, focusing on features, support, and integration capabilities.
External Attack Surface Management (EASM) is a critical component in ide
On July 19, 2024, a CrowdStrike update caused a global IT outage, impacting millions of Windows devices. In this article on ‘crowdstrike microsoft outage and what we learned as CISOs,’ we explore the event’s specifics and discuss key lessons for IT l
Not sure who needs this resource, but Microsoft updated its Recovery Tool for the CrowdStrike issue on Windows endpoints:
Here is the link to the Microsoft Tech Community Support Site:
https://techcommunity.microsoft.com/t5/intune-customer-success/new-r
CISA released 7 Industrial Control Systems (ICS) advisories in July, which provide timely information about current security vulnerabilities and exploits.
ICSA-24-184-01 Johnson Controls Kantech Door Contr
Asynchronous programming lets several processes run simultaneously without having to wait for previous ones to complete execution. When data driven tasks are done sequentially then it might spoil the user experie
When cybersecurity researchers break the law, destroy their reputation, and make the bug-bounty research community look bad.
TL;DR: Researchers found a vulnerability in a cryptocurrency exchange. They notified the company, but then exploited the bug to
Reuven Cohen, who goes by the Twitter handle @ruv, has recently been experimenting with using GPT to power attack bots. He recently posted this on his Facebook page after being able to create such an attack bot very quickly:
“Autonomous AI Hack Bots
Artificial intelligence is the most powerful cutting-edge technology; it uses computer systems programmed with machine learning abilities and is capable of performing specific tasks that are beyond the capabilities of the human mind. Human br
The Atlanta Pen Test Chapter has officially begun and is now actively underway.
Atlanta CISOs and security teams have kicked off Pen Test Chapter #1 (Virtual), an ongoing working series focused on drafting Pen Test Maturity Model v0.1, designed for an intel-led, exploit-validated, and AI-assisted security reality. The chapter was announced at …