Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

On January 31, 2024, Ivanti published an article disclosing two high severity vulnerabilities: CVE-2024-21893: A server-side request forgery flaw present in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons. This vulnerability allows an unauthenticated threat actor to access restricted resources. Ivanti reports that a limited number of customers have been affected by this vulnerability.

Signing up with DataTrails comes with the ability to share your audit trails with your business partners, other applications, and your internal team. Access policies control users, apps & organizations’ read & write privileges to provenance data in DataTrails. If you’re using an integration, access policies offer a way to fine-tune these integrations, giving specific permissions to add to and read your records.

While online dating scams may be a relatively new concept, tales of heartbreak are as old as time. Now, there’s a multi-billion dollar industry dedicated to romantic films, music, and, dating apps. By the end of 2023, dating apps will have reached over 400 million users, generating over $8 billion in revenue through dating, casual dating, and matchmaking services.

Read also: OneCoin’s lawyer gets 10 years in prison, DHS employees sentenced for stealing government software and databases, and more.

New data from cyber insurance underwriters shows what they think the biggest threats will be in 2024 and what organizations should do about it. Because insurance underwriters analyse lots of risk data to make decisions about insurance premiums and policies, it makes sense to hear their perspective on 2024’s outlook will be. According to insurer Woodruff Sawyer’s Cyber Looking Ahead Guide 2024, there’s some good news and some bad news.

Attackers are abusing Microsoft Teams to send phishing messages, according to researchers at AT&T Cybersecurity. “While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector,” the researchers write.

The emergence of innovative Financial Technology (FinTech) has spearheaded rapid growth in the digital payments sector. In recent years, global payment revenues exceeded valuations of $2.2 trillion, with a steady Compound Annual Growth Rate (CAGR) expected in the next five years. There is no denying the convenience benefits that the digital transformation of payments has brought consumers and businesses.

Nearly four years ago, the Department of Defense released the Cybersecurity Maturity Model Certification (CMMC). This was created as a complement to NIST SP 800-171, which focused on protecting Controlled Unclassified Information (CUI). If you are unfamiliar with what constitutes CUI, the simple way to think of it is to apply the broadest terms of privacy to any information that relates to any government relationship with a company.

On January 31st 2024, Snyk announced the discovery of four vulnerabilities in Kubernetes and Docker. For Kubernetes, the vulnerabilities are specific to the runc CRI. Successful exploitation allows an attacker to escape the container and gain access to the host operating system. To exploit these vulnerabilities, an attacker will need to control the Dockerfile when the containers are built.