6 AI-Related Security Trends to Watch in 2025
AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks.
-
-
New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy
The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens’ personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. “This final rule is a crucial step forward in addressing the…
-
Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents
The United States Treasury Department said it suffered a “major cybersecurity incident” that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. “On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to…
-
Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation
Cybersecurity researchers have uncovered three security weaknesses in Microsoft’s Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. “Exploiting these flaws could allow attackers to gain persistent access as shadow administrators
-
PAN-OS Firewall Denial of Service (DoS) Vulnerability
What is the Vulnerability?Attackers are exploiting, a Denial-of-Service vulnerability (CVE-2024-3393) in the DNS Security feature of Palo Alto Networks PAN-OS. This vulnerability allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall, causing it to crash and reboot, potentially leading to Denial of Service (DoS).CISA…
-
US Treasury Department breached through remote support platform
Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency. […]
-
Chinese State Hackers Breach US Treasury Department
In what’s being called a ‘major cybersecurity incident,’ Beijing-backed adversaries broke into cyber vendor BeyondTrust to access US Department of Treasury workstations and steal unclassified data, according to a letter sent to lawmakers.
-
HPE now allows customers to run its most powerful server on AWS but is it actually a good idea?
U7inh instance has 1,920 virtual CPUs and 32TB of memory, and you can run 4 of these Need to sustain SAP workloads is what encouraged HPE to work with AWS However, there’s also the fact HPE may be helping AWS get newer, lucrative leads As businesses face relentless data growth, challenges like data silos and…
-
Hackers exploit Four-Faith router flaw to open reverse shells
Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. […]
-
US government wants to toughen up cybersecurity rules for healthcare organizations
New cybersecurity requirements may soon be introduced for US healthcare firms The new rules will aim to protect systems which hold sensitive information These will cost an estimated $9 billion in the first year A new set of requirements have been proposed by the US Department of Health and Human Services (HHS) for healthcare firms…