Category
Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection
Google faces privacy lawsuit as judge highlights data governance concerns
A federal judge in San Francisco has ruled that a privacy lawsuit against Google, alleging the company improperly collected personal data from mobile devices, can proceed.
Chief Judge Richard Seeborg dismissed Google’s argument that it had sufficiently informed users about its Web & App Activity settings and obtained their consent for tracking, paving the way for a possible trial in August.
The lawsuit accuses Google of intercepting and saving browsing histories without user consent, even after tracking settings were disabled.
Judge Seeborg noted that reasonable users could view Google’s data practices as “highly offensive,” given the ambiguity in its disclosures and internal employee concerns about how the settings were communicated.
“Internal Google communications also indicate that Google knew it was being ‘intentionally vague’ about the technical distinction between data collected within a Google account and that which is collected outside of it because the truth ‘could sound alarming to users’,” Seeborg wrote.
The judge noted that Google defended its practices by downplaying the internal employee comments cited in the lawsuit, arguing they were focused on identifying technical improvements rather than raising privacy concerns. The company also said that some employees involved in these discussions lacked familiarity with the Web & App Activity (WAA) settings.
“The concerns raised by Google employees are relevant, however, at the very least for tending to show that the WAA disclosures are subject to multiple interpretations,” Seeborg added. “What is more, the remarks and Google’s internal statements reflect a conscious decision to keep the WAA disclosures vague, which could suggest that Google acted in a highly offensive manner, thereby satisfying the intent element of the tort claim.”
Broader implications of the case
The legal battle against Google could have far-reaching implications for enterprise data governance, particularly in how companies handle user consent and transparency.
The case raises questions about whether current data collection practices align with user expectations and legal requirements, especially in an era where trust in technology firms is under heightened scrutiny.
“Enterprise data policies have typically assumed that vendors are not saving personal information unless there is some sort of opt-in policy,” said Hyoun Park, CEO and chief analyst at Amalgam Insights. “In particular, the argument that data capture ‘doesn’t hurt anyone’ is a red herring compared to the actual requirement for governance.”
However, while Google’s defense focuses on its own practices, the outcome of the case could drive the industry toward better transparency and accountability.
“Google obviously has to defend its actions and perspective, but my hope is that this finding leads to greater transparency,” Park added. “Obviously, one of the challenges of any complex data service, such as Google or Microsoft or Amazon, is the complexity of governance and administration associated with the data environment and the complicity of tracking the data and activity associated with any sort of service.”
The rise of artificial intelligence is adding complexity to data governance and privacy issues.
While the case focuses on the straightforward matter of capturing personal browsing data, the broader challenge lies in managing the tracking and governance of data-related activities, Park added.
Google’s legal woes continue
Google faces mounting legal challenges as scrutiny over its data practices and market dominance intensifies.
In August 2024, a US District Court ruled Google held a monopoly in online search, accusing the tech giant of using its market dominance to stifle competition.
In September, the European Union’s Data Protection Commission opened an inquiry into the company’s use of personal data.
However, analysts say Google may be able to limit reputational damage and bolster its standing with corporate clients with efforts to enhance privacy measures.
“This case underscores the growing scrutiny of Big Tech’s data practices and the increasing demand for transparency,” said Thomas George, president of Cybermedia Research. “How Google and other major tech companies respond to these expectations remains to be seen, as they strive to balance competitiveness with maintaining the trust of users and partners.”
Google has not responded to requests for comment.
E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws
Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
Unpatched critical flaws impact Fancy Product Designer WordPress plugin
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Russian ISP confirms Ukrainian hackers "destroyed" its network
SonicWall urges admins to patch exploitable SSLVPN bug immediately
Eset: upgrade from Windows 10 to 11 to avoid ‘security fiasco’
Cybersecurity company Eset is now urging Windows 10 users to upgrade to Windows 11 or another operating system well in advance of Oct. 14, 2025, when support for Windows 10 ends.
“It’s about five to twelve minutes to avoid a security fiasco in 2025,” Eset security expert Thorsten Urbanski said, according to BleepingComputer.
Eset estimates there are around 32 million computers still running Windows 10 in Germany alone, roughly 65% of all devices in the country. Windows 11 runs on 16.5 million devices, corresponding to approximately 33%. According to Statcounter, global figures for Windows 10 and 11 use are similar.
Many Windows 10 users have not upgraded because of Windows 11’s higher hardware requirements, which make it inaccessible for older computers.
“The situation is much more dangerous than when support for Windows 7 ended in 2020,” said Urbanski.
Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens
7+ speedy steps to free up space on your Mac
Computers get clogged with digital “stuff” over time, and while we all like to think we’re good at managing all that digital detritus, there’s somehow never quite enough time to clean things up. If you’re new to the Mac, or even if you’ve used an Apple computer for decades, you need to learn these tips to prune the trash. But first, open the Finder menu and choose “Empty Trash.”
You’d be surprised how many Mac users forget to do so regularly.
[Related: 11 tips for speeding up your Mac]
Check your storage
Your Mac has a really excellent storage management system that is available in System Settings in the General tab. (This is also available via the Apple menu > About This Mac > More Info.) Open that tab and then select Storage. Your Mac will have a little think and reward you with a nice graphic that shows you what is taking up most space on your machine.
This information is divided across numerous sections:
- Applications
- Bin
- Books
- Documents
- iCloud Drive
- Messages
- Music
- Photos
- Podcasts
- TV
- Other Users & Shared
- macOS
- System Data
Now that you’ve got a bird’s eye view of your storage, you can begin to get rid of some of the clutter.
Use the Recommendations
Apple has built a system to help you delete some of the most commonly accumulated stuff, which it makes available as Recommendations. These Recommendations usually appear at the top of the list of stored media, just beneath the image in Storage. You will not see these if you have already followed them, but if you do, they may include:
- Store in iCloud: This stores all your Desktop and Documents files in the cloud and only keeps recent files locally available on your Mac. The tool will also store messages, attachments, photos, and videos for you. This maximizes storage space.
- Optimize Storage: This tool automatically removes movies and TV shows sourced from Apple from your Mac, though you can still download them again.
- Empty Trash automatically: This tool is recommended, as it will automatically erase anything that has been in the Trash for over 30 days.
Take a look at the above and you’ll find that each section has a small i (info) icon beside it. Tap this and you’ll get more information to help you manage each of those sections. Tap the i icon for Applications, for example, and you’ll find all those you have installed; you should delete all those you no longer use. If you find any software you don’t need, you can select it in this view and hit Delete to get rid of it, freeing up a little space.
It’s good to take a look inside each category, particularly Messages, where you can delete some of these huge attachments you might not realize you have stored on your device.
What about your Downloads folder?
When did you last take a look inside your Downloads folder? Open it now. (Go > Downloads in the menu bar). Most Mac users find they have lots of items stored there, many of which might still be important. You can free up huge quantities of space on your Mac by going through what you have stored in the folder, filing important items in relevant folders on your Mac, and deleting the rest. Of course, the easiest way to review all those items is to view the files as a list using View > As List.
Manage all your largest files
Here’s a way to quickly review all the largest files you have stashed on your Mac. Let’s create a Smart Folder to monitor for larger files.
- In the Finder Menu choose New Smart Folder.
- A “New Smart Folder” window appears. You’ll see an option to search “This Mac.” Select that.
- Look to the left along the row and you’ll see a Save command (which we will use later). You will also see a Plus (+) button. Tap this.
- A set of choices comes up. The first defaults to Kind. Tap this to access a drop-down menu where you should tap “Other.”
- A long list appears; the one you want is File Size, which you should check.
- Once you do so, you’ll be able to select it in the drop-down list to replace Kind.
- In the next item on the row, you’ll get to choose a parameter. I suggest you use “is greater than.”
- Two more choices appear in the row; the first lets you set a number — try 100. The second lets you define a size — try MB.
- You will immediately see every file on your Mac that is larger than 100MB. You can delete any of these items by control-clicking them and choosing Move to Bin. But be certain not to delete any System files, as doing so may damage your system. In general, it’s a good rule not to delete anything you do not recognize.
Now that you have this bird’s-eye view of the large items on your Mac, you can save it for future use.
- Return to the row you first looked at and tap Save.
- Give the search a name, such as “Large Files.”
- By default, the search saves in Saved Searches, which is as good a place as any.
- Also by default, the search can be added to the sidebar — just make sure this option is ticked.
In the future, you’ll find your new “Large Files” search is available to you in Favorites from within the Finder sidebar, making it super easy to swiftly identify any space invaders you still have on your system.
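The Smart Folder above gives a GUI view of oversized files. The script below is an added example, not code from the article, that produces the same listing from the command line for any folder (Downloads, or your whole home folder), prunes the macOS system locations the caveat above warns about, and only lists, never deletes, so the review-before-removing rule stays with you. The folder names, the list of system roots and the constructed sample tree are this example's assumptions.

```python
import os
import stat
import tempfile

# Top-level macOS locations the Smart Folder caveat is about (assumed list for
# this example): never offer these for deletion. They are not hit at all when
# the walk starts inside your home folder.
SYSTEM_ROOTS = ("/System", "/Library", "/usr", "/bin", "/sbin", "/private")

MIB = 1024 * 1024


def _under_system_root(path):
    return any(path == r or path.startswith(r + "/") for r in SYSTEM_ROOTS)


def large_files(root, min_mb=100):
    """Return (size_mb, path) pairs for regular files under root larger than
    min_mb, largest first. Symlinked directories are not followed."""
    threshold = min_mb * MIB
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        if _under_system_root(dirpath):
            dirnames[:] = []          # prune: do not descend into system trees
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)   # lstat: a symlink's own size, never its target's
            except OSError:
                continue              # unreadable, or vanished while walking
            if stat.S_ISREG(st.st_mode) and st.st_size > threshold:
                found.append((round(st.st_size / MIB, 1), path))
    found.sort(key=lambda item: item[0], reverse=True)
    return found


def total_mb(found):
    """Space the listed files occupy in total, in MB (apparent size)."""
    return round(sum(size for size, _ in found), 1)


def demo_on_constructed_tree(min_mb=1):
    """Constructed sample: a throwaway folder holding one 2 MB file and one
    0.5 MB file, listed with a 1 MB threshold. Returns (size_mb, basename)."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "big-download.dmg"), "wb") as f:
            f.write(b"\0" * (2 * MIB))
        with open(os.path.join(tmp, "small-note.txt"), "wb") as f:
            f.write(b"\0" * (MIB // 2))
        return [(size, os.path.basename(path)) for size, path in large_files(tmp, min_mb)]


if __name__ == "__main__":
    # Same query as the Smart Folder: everything over 100 MB, here under ~/Downloads.
    hits = large_files(os.path.expanduser("~/Downloads"), 100)
    for size_mb, path in hits:
        print(f"{size_mb:8.1f} MB  {path}")
    print(f"{len(hits)} files, {total_mb(hits)} MB in total")
```

Run it with no arguments to audit your Downloads folder; change the path to `os.path.expanduser("~")` for the whole-home equivalent of the “This Mac” search. Nothing in the script removes files: move anything you recognize as junk to the Bin yourself, which keeps the 30-day safety net of the Empty Trash recommendation.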
Take a look in Mail
Your email application is full of stuff. All those Mail attachments mount up over the years, and while you need to keep some of them some of the time, you probably don’t need to retain all of them forever. The best practice is to delete attachments in emails you no longer need; you can do this by deleting the message itself or selecting a message and choosing Remove Attachments in the Messages menu.
You can also create a search in Mail that lets you identify emails containing attachments. Try Mailbox>New Smart Mailbox, select “contains attachments” and save. This is a very unsophisticated tool that just makes it easier for you to monitor any emails you might have received that contain attachments, though it still makes for a very manual process. This is actually the problem with Mail: it doesn’t let you easily manage emails containing large attachments. It does let you do one more thing, however, which you should do now: Open Mailbox and choose Erase Junk Mail to get rid of all the junk that has accumulated. You should also select Erase Deleted Items.
Run Onyx or CleanMyMac
There are numerous applications that claim to help you free up and better manage space on your Mac. I like the free Onyx application, which has been my go-to troubleshooting solution for years. But many users also like MacPaw’s CleanMyMac application. What these applications do is make it possible to delete data you can’t easily or safely get to on your Mac, including unwanted database files, bloated logs, and more. Apple says that macOS will automatically clear such data — including temporary database files, interrupted downloads, staged macOS and app updates, Safari website data, and more — when space is needed on your Mac. But some users might prefer to be proactive.
- With Onyx, install the software, open Maintenance and select and run the Cleaning options available there.
- Using CleanMyMac, run the Cleanup routine, which will scan your Mac to present you with a selection of choices of what to clean.
What both applications do is force the Mac to run tasks it should do automatically.
Delete old user profiles
If you are using a shared Mac, it is likely to be a managed Mac as well, in which case the following option might not be available, as it may be managed on your behalf by IT. The problem this solves is that each user on a Mac gets their own user profile, which contains all the data and documents that relate to that user. That’s fine when everyone is actively using the Mac, but when someone stops using the machine it becomes necessary to delete their profile to free up the space, though they should get the data they need off the Mac before you do.
To delete an unwanted user profile, open System Settings > Users & Groups. If you see the word Admin under your name, you will be able to follow the rest of these steps once you click the lock icon and enter your password. Then select the user you intend to delete and click the – (minus) button to delete that user.
Three options appear:
- Save the home folder in a disk image: All the information will be archived for a potential restore.
- Don’t change the home folder: Everything is left in place and the user can be restored.
- Delete the home folder: Everything is deleted.
Before choosing the third option, it’s incredibly important to ensure you have the right to delete the user.
If you have additional suggestions, please let me know.
You can follow me on social media! Join me on BlueSky, LinkedIn, Mastodon, and MeWe.
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
Over 4,000 backdoors hijacked by registering expired domains
Medical billing firm Medusind discloses breach affecting 360,000 people
Thousands of credit cards stolen in Green Bay Packers store breach
How initial access brokers (IABs) sell your users’ credentials
Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques
UN aviation agency confirms recruitment database security breach
Top 5 Malware Threats to Prepare Against in 2025
Website certificates that expire every six weeks? What IT should know
Industry forces — led by Apple and Google — are pushing for a sharp acceleration of how often website certificates must be updated, but the stated security reason is raising an awful lot of eyebrows.
Website certificates, also known as SSL/TLS certificates, use public-key cryptography to authenticate websites to web browsers. Issued by trusted certification authorities (CAs) that verify the ownership of web addresses, site certificates were originally valid for eight to ten years. That window dropped to five years in 2012 and has gradually stepped down to 398 days today.
The two leading browser makers, among others, have continued to advocate for a much faster update cadence. In 2023, Google called for site certificates that are valid for no more than 90 days, and in late 2024, Apple submitted a proposal to the Certification Authority Browser Forum (CA/Browser Forum) to have certificates expire in 47 days by March 15, 2028. (Different versions of the proposal have referenced 45 days, so it’s often referred to as the 45-day proposal.)
If the CA/Browser Forum adopts Apple’s proposal, IT departments that currently update their company’s site certificates once a year will have to do so approximately every six weeks, an eightfold increase. Even Google’s more modest 90-day proposal would multiply IT’s workload by four. Here’s what companies need to know to prepare.
Why the push for shorter SSL certificate lifespans?
The official reason for speeding up the certificate renewal cycle is to make it far harder for cyberthieves to leverage what are known as orphaned domain names to fuel phishing and other cons to steal data and credentials.
Orphaned domain names come about when an enterprise pays to reserve a variety of domain names and then forgets about them. For example, Nabisco might think up a bunch of names for cereals that it might launch next year — or Pfizer might do the same with various possible drug names — and then eight managerial meetings later, all but two of the names are discarded because those products will not be launching. How often does someone bother to relinquish those no-longer-needed domain names?
Even worse, most domain name registrars have no mechanism to surrender an already-paid-for name. The registrar just tells the company, “Make sure it’s not auto-renewed, and then don’t renew it later.”
When bad guys find those abandoned sites, they can grab them and try to use them for illegal purposes. Therefore, the argument goes, the shorter the window in which those site certificates are valid, the smaller the security threat they pose. That is one of those arguments that seems entirely reasonable on a whiteboard, but it doesn’t reflect reality in the field.
Shortening the timeframe might lessen those attacks, but only if the timeframe is so short it denies the attackers sufficient time to do their evil. And, some security specialists argue, 47 days is still plenty of time. Therefore, those attacks are unlikely to be materially reduced.
“I don’t think it is going to solve the problem that they think is going to be solved — or at least that they have advertised it is going to solve,” said Jon Nelson, the principal advisory director for security and privacy at the Info-Tech Research Group. “Forty-seven days is a world of time for me as a bad guy to do whatever I want to do with that compromised certificate.”
Himanshu Anand, a researcher at security vendor c/side, agreed: “If a bad actor manages to get their hands on a script, they can still very likely find a buyer for it on the dark web over a period of 45 days.”
That is why Anand is advocating for even more frequent updates. “In seven days, the amount of coordination required to transfer and establish a worthy man-in-the-middle attack would make it a lot tighter and tougher for bad actors.”
But Nelson questions whether expired domain stealing is even a material concern for enterprises today.
“Of all of the people I talk with, I don’t think I have talked with a single one that has had an incident dealing with a compromised certificate,” Nelson said. “This isn’t one of the top ten problems that needs to be solved.”
That opinion is shared by Alex Lanstein, the CTO of security vendor StrikeReady. “I don’t want to say that this is a solution in search of a problem, but abusing website certs — this is a rare problem,” Lanstein said. “The number of times when an attacker has stolen a cert and used it to impersonate a stolen domain” is small.
Getting a handle on faster site certificate updates
Nevertheless, it seems clear that sharply accelerated certificate expiration dates are coming. And that will place a dramatically larger burden on IT departments and almost certainly force them to adopt automation. Indeed, Nelson argues that it’s mostly an effort for vendors to make money by selling their automation tools.
“It’s a cash grab by those tool makers to force people to buy their technology. [IT departments] can handle their PKI [Public Key Infrastructure] internally, and it’s not an especially heavy lift,” Nelson said.
But it becomes a much bigger burden when it has to be done every few months or weeks. In a nutshell, renewing a certificate manually requires the site owner to acquire the updated certificate data from the certification authority and transmit it to the hosting company, but the exact process varies depending on the CA, the specific level of certificate purchased, the rules of the hosting/cloud environment, the location of the host, and numerous other variables. The number of certificates an enterprise must renew ranges widely depending on the nature of the business and other circumstances.
C/side’s Anand predicted that a 45-day update cycle will prove to be “enough of a pain for IT to move away from legacy — read: manual — methods of handling scripts, which would allow for faster handling in the future.”
Automation can either be handled by third parties such as certificate lifecycle management (CLM) vendors, many of which are also CAs and members of the CA/Browser Forum, or it can be created in-house. The third-party approach can be configured numerous ways, but many involve granting that vendor some level of privileged access to enterprise systems — which is something that can be unnerving following the summer 2024 CrowdStrike situation, when a software update by the vendor brought down 8.5 million Windows PCs around the world. Still, that was an extreme example, given that CrowdStrike had access to the most sensitive area of any system: the kernel.
The $12 billion publisher Hearst is likely going to deal with the certificate change by allowing some external automation, but the company will build virtual fences around the automation software to maintain strict control, said Hearst CIO Atti Riazi.
“Larger, more mature organizations have the luxury of resources to place controls around these external entities. And so there can be a more sensible approach to the issue of how much unchecked automation is to exist, along with how much access the third parties are given,” Riazi said. “There will most likely be a proxy model that can be built where a middle ground is accessed from the outside, but the true endpoints are untouched by third parties.”
The certificate problem is not all that different from other technology challenges, she added.
“The issue exemplifies the reality of dealing with risk versus benefit. Organizational maturity, size, and security posture will play great roles in this issue. But the reality of certificates is not going away anytime soon,” Riazi said. “That is similar to saying we should all be at a passwordless stage by this point, but how many entities are truly passwordless yet?”
What happens when a website certificate expires?
There is a partially misleading term often used when discussing certificate expiration. When a site certificate expires, the public-facing part of the site doesn’t literally crash. To the site owner, it can feel like a crash, but it isn’t.
What happens is that there is an immediate plunge in traffic. Some visitors — depending on the security settings of their employer — may be fully blocked from visiting a site that has an expired certificate. For most visitors, though, their browser will simply flag that the certificate has expired and warn them that it’s dangerous to proceed without actually blocking them.
But Tim Callan, chief compliance officer at CLM vendor Sectigo and vice chair elect of the CA/Browser Forum, argues that site visitors “almost never navigate past the roadblock. It’s very foreboding.”
That said, an expired certificate can sometimes deliver true outages, because the certificate is also powering internal server-to-server interactions.
“The majority of certs are not powering human-facing websites; they are indeed powering those server-to-server interactions,” Callan said. “Most of the time, that is what the outage really is: systems stop.” In the worst scenarios, “server A stops talking to server B and you have a cascading failure.”
Either way, an expired certificate means that most site visitors won’t get to the site, so keeping certificates up to date is crucial. With a faster update cadence on the horizon, the time to make new plans for maintaining certificates is now.
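An inventory-and-expiry check like the one below is the minimum automation that shorter lifetimes push IT toward, and it speaks to both points above: the renewal cadence that 398-, 90- and 47-day certificates imply, and the server-to-server outages an expired certificate causes. The script is an added example written for this page, not code from the article or from any vendor quoted in it. The sample certificates, their hostnames and dates, the fixed “now” and the renew-when-one-third-of-lifetime-remains rule are constructed assumptions; the one real API it relies on is the standard library’s `ssl.cert_time_to_seconds`, which parses the date strings `getpeercert()` returns. It generalizes the article’s three figures into a single renewal policy that works for any lifetime.

```python
import math
import socket
import ssl
from datetime import datetime, timezone

DAY = 86400

# Constructed sample inventory, shaped like the dict ssl.SSLSocket.getpeercert()
# returns for a verified peer. Hostnames and dates are made up for this example.
SAMPLE_CERTS = [
    {"subject": ((("commonName", "www.example.com"),),),
     "notBefore": "Jan  1 00:00:00 2025 GMT",
     "notAfter": "Feb  3 00:00:00 2026 GMT"},   # 398-day certificate (today's maximum)
    {"subject": ((("commonName", "api.example.com"),),),
     "notBefore": "Nov  1 00:00:00 2024 GMT",
     "notAfter": "Jan 30 00:00:00 2025 GMT"},   # 90-day certificate (Google's proposal)
    {"subject": ((("commonName", "legacy.example.com"),),),
     "notBefore": "Nov  1 00:00:00 2024 GMT",
     "notAfter": "Dec 18 00:00:00 2024 GMT"},   # 47-day certificate (Apple's proposal)
]

# The audit is evaluated at a fixed, constructed "now" so the results are reproducible.
NOW_EPOCH = int(datetime(2025, 1, 15, tzinfo=timezone.utc).timestamp())


def common_name(cert):
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return "<no CN>"


def cert_status(cert, now_epoch, renew_fraction=1 / 3):
    """Classify one certificate as 'expired', 'renew' or 'ok'.

    Renewal is triggered once no more than renew_fraction of the certificate's
    lifetime remains (assumed policy, the usual ACME-client rule of thumb: a
    90-day cert is renewed with 30 days left), so one rule scales from 398 days
    down to 47 without hand-tuned thresholds per certificate.
    """
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    lifetime_days = (not_after - not_before) // DAY
    days_remaining = (not_after - now_epoch) // DAY
    if days_remaining < 0:
        action = "expired"            # browsers warn, server-to-server calls fail outright
    elif days_remaining <= lifetime_days * renew_fraction:
        action = "renew"
    else:
        action = "ok"
    return {"name": common_name(cert), "lifetime_days": lifetime_days,
            "days_remaining": days_remaining, "action": action}


def audit(certs, now_epoch=None):
    """Status for every certificate in the inventory, most urgent first."""
    if now_epoch is None:
        now_epoch = int(datetime.now(timezone.utc).timestamp())
    return sorted((cert_status(c, now_epoch) for c in certs),
                  key=lambda s: s["days_remaining"])


def renewals_per_year(lifetime_days, renew_fraction=1 / 3):
    """Renewals a year the policy above implies: each cert is replaced after
    (1 - renew_fraction) of its lifetime, not at expiry."""
    return math.ceil(365 / (lifetime_days * (1 - renew_fraction)))


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Fetch the leaf certificate a live server presents (needs network access).
    The default context verifies the chain, so an already-expired certificate
    raises ssl.SSLCertVerificationError here, exactly the failure a dependent
    service would hit: catch it and treat the host as 'expired'."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for row in audit(SAMPLE_CERTS, NOW_EPOCH):
        print(f"{row['action']:8} {row['name']:22} lifetime {row['lifetime_days']:3}d, "
              f"{row['days_remaining']:4}d left")
    for lifetime in (398, 90, 47):
        print(f"{lifetime}-day certs: about {renewals_per_year(lifetime)} renewals a year")
```

Run against the constructed inventory, the 47-day certificate is reported expired (28 days past its end date on the chosen “now”), the 90-day one is due for renewal with 15 days left, and the 398-day one is fine. The last loop shows why the article's headline numbers understate the change for anyone renewing early rather than at expiry: under a renew-at-two-thirds policy a 398-day certificate is replaced about twice a year, a 47-day one about twelve times. To audit real hosts, replace `SAMPLE_CERTS` with `fetch_peer_cert(h)` for each hostname in your inventory and pass no `now_epoch`.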
All that said, IT departments may have some breathing room. StrikeReady’s Lanstein thinks the certification changes may not come as quickly or be as extreme as those outlined in Apple’s recent proposal.
“There is zero chance the 45 days will happen” by 2028, he said. “Google has been threatening to do the six-month thing for like five years. They will preannounce that they’re going to do something, and then in 2026, I guarantee that they will delay it. Not indefinitely, though.”
C/side’s Anand also noted that, for many enterprises, the certificate-maintenance process is multiple steps removed.
“Most modern public-facing platforms operate behind proxies such as Cloudflare, Fastly, or Akamai, or use front-end hosting providers like Netlify, Firebase, and Shopify,” Anand said. “Alternatively, many host on cloud platforms like AWS [Amazon Web Services], [Microsoft] Azure, or GCP [Google Cloud Platform], all of which offer automated certificate management. As a result, modern solutions significantly reduce or eliminate the manual effort required by IT teams.”
Also by Evan Schuman: