Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Two chainable zero-day vulnerabilities face Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS): CVE-2023-46805 and CVE-2024-21887. All supported versions of the Ivanti Connect Secure and Policy Secure Gateways are currently at risk, and Ivanti has confirmed that customers have experienced active exploitation. ICS was previously known as Pulse Connect Secure. ICS offers a virtual private network (VPN) gateway, while IPS provides network access control.

Some of the most common types of password attacks include password cracking, password spraying, dictionary attacks, credential stuffing, brute force and rainbow table attacks. The better your password habits are, the less susceptible you are to password attacks. Keeper’s Password Management Report found that only 25% of respondents use strong, unique passwords for every account – meaning that 75% of respondents place their accounts at risk of being compromised due to weak passwords.

This week’s featured cyber incidents included a combined 2.3 million, although one event remains under investigation. The week began with an update from the Edmonds School District regarding their January 2023 breach, which exposed 145,844 individuals. Three other breaches also updated information; NASCO led the group with an update on their 1.6 million breach stemming from MOVEit.

NASCO provides various healthcare solutions to serve Blue Cross and Blue Shield members. They offer a comprehensive portfolio of services and use industry insights to project the needs of their 20 million clients. Thanks to third-party vendors specializing in unique services, NASCO can serve millions of individuals. Progress Software’s MOVEit tool was one of these specialized vendors. The tool allows for streamlined file management and was used globally as a multi-industry option.

We’ve talked a lot about why software bills of materials (SBOMs) are important and how they communicate the value of your organization, so we won’t continue those lectures here. We’re all good on the why so today we’ll talk about the how – the best (and free!) tools to help you create SBOMs automatically. Creating an SBOM manually is arduous and error-prone so why not avoid it altogether?

While you have your heart set on finding a partner, you should also keep your eyes peeled for the dangers that come with dating in the digital realm.

Top tips is a weekly column where we highlight what’s trending in the tech world today and list ways to explore these trends. This week, we’ll look at three types of cyberattacks that are predicted to be prevalent in 2024. If there’s one thing we can be certain of, it’s that we will never ever be safe from cyberthreats. That is why we need to prepare ourselves for the onslaught of cybercrime that is about to hit us this new year.

Welcome to 2024! A new year brings new change, so why not start 2024 with a rapid IT and security hygiene check? Read through the following list, keep a tally, and score your organization out of 10 on these mandatory items. If you don’t know the answer, it’s worth following up to find out.

TL;DR: JFrog’s ML Model Management capabilities, which help bridge the gap between AI/ML model development and DevSecOps, are now Generally Available and come with a new approach to versioning models that benefit Data Scientists and DevOps Engineers alike. Model versioning can be a frustrating process with many considerations when taking models from Data Science to Production.

Read also: The US charges admins, sellers and buyers linked to xDedic, a ShinyHunters hacker gets 3 yers in prison, and more.