Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AWS and other cloud infrastructure exposed to after attacks uncovered in the wild Cloud networking solutions provider Aviatrix has published a new vulnerability (CVE-2024-50603) in its controller. This vulnerability allows unauthenticated actors to run arbitrary commands. This Remote Code Execution (RCE) vulnerability, rated CVSS 10 (critical), has been exploited in the wild. A patch is already available on GitHub. Alternatively, users can update to the secure versions 7.1.4191 or 7.2.4996.

Protecting sensitive information is critical in healthcare. Personally Identifiable Information (PII) and Protected Health Information (PHI) form the foundation of healthcare operations. However, these data types come with significant privacy risks. Advanced de-identification techniques provide a reliable way to secure this data while complying with regulations like HIPAA.

On January 14, 2025 Fortinet confirmed a critical zero-day vulnerability, CVE-2024-55591, in Fortinet’s FortiOS and FortiProxy systems that has been actively exploited in the wild. This authentication bypass vulnerability allows attackers to gain super-admin privileges via crafted requests to the Node.js WebSocket module, enabling unauthorized access to firewalls, rogue administrative account creation, and configuration changes.

The recent Codefinger ransomware attack has sent shockwaves through the IT community, specifically targeting businesses relying on AWS S3 storage services. This breach highlights the importance of prioritizing security “best practices” to protect even the most reliable platforms.

In the IT world, it is either “revolution” or “evolution” and 2025 promises to bring both. To stay ahead, IT professionals must prioritize strategies that address emerging threats while maintaining and strengthening their security posture. Here are three critical trends shaping the future of cybersecurity and actionable steps your organization implement today.

Open-source security frameworks are an essential tool in the cybersecurity arsenal. These frameworks provide the foundation for building secure systems and adhering to key industry standards. Yet, despite their importance, many practitioners and organizations fail to tap into the full potential of these frameworks. Exploring them in depth can unlock significant value for businesses, developers, and security teams.

Since the birth of ChatGPT in 2022, the AI boom has affected our lives dramatically. AI technology is becoming so crucial in our work and daily lives that it is projected to contribute $15.7 trillion to the global economy by 2030. A recent addition to the AI market is Grok AI, a generative AI chatbot based on xAI, launched in 2023 by Elon Musk.

In cybersecurity, email has always been a critical concern. However, we feel the new 2024 Gartner Magic Quadrant for Email Security Platforms has signaled a shift in how we approach email protection. We believe this new Magic Quadrant encompasses a broader spectrum of email security providers to reflect the evolving threat landscape and the need for more integrated products.

On January 14, 2025, Fortinet disclosed a new critical (CVSS 9.6) authentication bypass vulnerability affecting FortiOS and FortiProxy. This vulnerability, CVE-2024-55591, allows unauthenticated remote attackers to target the Node.js WebSocket module of the administrative interface and potentially gain super-admin privileges.

ISO published the ISO 27001 standard to outline an information security management system (ISMS) in 2005. Since then, significant revisions have taken place in 2013 and 2022 to better reflect the evolving climate of cybersecurity threats and technologies.