Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the flaw in the wild.
Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw
Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet
More than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability, attack surface management firm Censys warns.
Apple Scraps CSAM Detection Tool for iCloud Photos
Apple has scrapped plans to ship a controversial child pornography protection tool for iCloud Photos, a concession to privacy rights advocates who warned it could have been used for government surveillance.
TikTok Hit by US Lawsuits Over Child Safety, Security Fears
TikTok was hit Wednesday with a pair of lawsuits from the US state of Indiana, which accused it of making false claims about the Chinese-owned app’s safety for children.
Big Tech Vendors Object to US Gov SBOM Mandate
The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks has run into strong objections from big-name technology vendors.
US Agencies Told to Assess IoT/OT Security Risks to Boost Critical Infrastructure Protection
The US Government Accountability Office (GAO) has urged several federal agencies to conduct cybersecurity-related assessments in an effort to improve the protection of certain critical infrastructure sectors.
Cybersecurity M&A Roundup: 35 Deals Announced in November 2022
Report: California Gun Data Breach Was Unintentional
California’s Department of Justice mistakenly posted the names, addresses and birthdays of nearly 200,000 gun owners on the internet because officials didn’t follow policies or understand how to operate their website, according to an investigation released Wednesday.
Investors Double Down on Pangea Cyber API Security Bet
Pangea Cyber, an early stage startup working on technology in the API security services space, has banked $26 million in a new funding round led by Google Ventures.
One Year Later: Log4Shell Remediation Slow, Painful Slog
Almost exactly a year after the Log4Shell security crisis sent defenders scrambling to reduce attack surfaces, new data shows that remediation has been a long, slow, painful slog for most organizations around the world.
