Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More Unpatched systems are a ticking time bomb. Fifty-seven percent of cyberattack victims acknowledge that available patches would have prevented breaches, yet nearly one-third admit failing to act, compounding the risk. Ponemon research shows organizations now take an alarming average of 43 days to detect cyberattacks, even after a patch is released, up from 36 days the previous year. According to the Verizon 2024 Data Breach Investigations Report, attackers’ ability to exploit vulnerabilities surged by 180% from 2023 to 2024. Chronic firefighting makes manual or partially automated patching overly burdensome, further pushing patching down teams’ priority lists. Relying on manual or partially automated patching systems is considered too time-consuming, further reducing patching to the bottom of a team’s action item list. This is consistent with an Ivanti study that found that the majority (71%) of IT and security professionals think patching is overly complex, cumbersome and time-consuming. When it comes to patching, complacency kills Attackers aggressively exploit legacy Common Vulnerabilities and Exposures (CVEs), often ten or more years old. A sure sign of how effective attackers’ tradecraft is becoming at targeting legacy CVEs is their success with vulnerabilities in some cases, 10-plus years old. A sure sign that attackers are finding new ways to weaponize old vulnerabilities is reflected in the startling stat that 76% of vulnerabilities leveraged by ransomware were reported between 2010 and 2019. The misalignment between IT and security teams compounds delays, with 27% lacking cohesive patch strategies and nearly a quarter disagreeing on patch schedules. One of the unexpected benefits of automating patch management is breaking the impasse between IT and security when it comes to managing the patch workload.    “Typically, on average, an enterprise may patch 90% of desktops within two to four weeks, 80% of Windows servers within six weeks and only 25% of Oracle Databases within six months from patch release date”, writes Gartner in their recent report, “We’re not patching our way out of vulnerability exposure.” The report states that “the cold, hard reality is that no one is out patching threat actors at scale in any size organization, geography or industry vertical.” Ring deployment: proactive defense at scale Every unpatched endpoint or threat surface invites attackers to exploit it. Enterprises are losing the patching race, which motivates attackers even more. In the meantime, patching has become exponentially more challenging for security and IT teams to manage manually. Approximately a decade ago, ring deployment began to rely on Microsoft-dominated networks. Since then, ring deployments have proliferated across on-premise and cloud-based patch and risk management systems. Ring deployment provides a phased, automated strategy, shrinking attacker windows and breach risks. Ring deployment rolls out patches incrementally through carefully controlled stages or “rings:” Test Ring (1%): Core IT teams quickly validate patch stability. Early Adopter Ring (5–10%): A broader internal group confirms real-world compatibility. Production Ring (80–90%): Enterprise-wide rollout after stability is conclusively proven. Ivanti’s recent release of ring deployment is designed to give security teams greater control over when patches will be deployed, to which systems and how each sequence of updates will be managed. By addressing patching issues early, the goal is to minimize risks and reduce and eliminate disruptions. Gartner’s ring deployment strategy escalates patches from internal IT outward, providing continuous validation and dramatically reducing deployment risk. Source: Gartner, “Modernize Windows and Third-Party Application Patching,” p. 6. Ring deployment crushes MTTP, ends reactive patching chaos Relying on outdated vulnerability ratings to lead patch management strategies only increases the risk of a breach as enterprises race to keep up with growing patch backlogs. That’s often when patching becomes cybersecurity’s endless nightmare, with attackers looking to capitalize on the many legacy CVEs that remain unprotected. Gartner’s take in their recent report “Modernize windows and third-party application patching” makes the point brutally clear, showing how traditional patching methods routinely fail to keep pace. In contrast, enterprises embracing ring deployment are getting measurable results. Their research finds ring deployment achieves a “99% patch success within 24 hours for up to 100,000 PCs,” leaving traditional methods far behind. During an interview with VentureBeat, Tony Miller, Ivanti’s VP of enterprise services, emphasized that “Ivanti Neurons for Patch Management and implementing Ring Deployment is an important part of our Customer Zero journey.” He said the company uses many of its own products, which allows for a quick feedback loop and gives developers insight into customers’ pain points. Miller added: “We’ve tested out Ring Deployment internally with a limited group, and we are in the process of rolling it out organization-wide. In our test group, we have benefited from deploying patches based on real-world risk, and ensuring that updates don’t interrupt employee productivity–a significant challenge for any IT organization.” VentureBeat also spoke with Jesse Miller, SVP and director of IT at Southstar Bank, about leveraging Ivanti’s dynamic Vulnerability Risk Rating (VRR), an AI-driven system continuously recalibrated with real-time threat intelligence, live exploit activity, and current attack data. Miller stated clearly: “This is an important change for us and the entire industry. Judging a patch based on its CVSS now is like working in a vacuum. When judging how impactful something can be, you have to take everything from current events, your industry, your environment and more into the equation. Ultimately, we are just making wiser decisions as we are not disregarding CVSS scoring; we are simply adding to it.” Miller also highlighted his team’s prioritization strategy: “We have been able to focus on prioritizing Zero-Day and Priority patches to get out first, as well as anything being exploited live in the wild. Using patch prioritization helps us eliminate our biggest risk first so that we can reduce our attack surface as quickly as possible.” By combining ring deployment and dynamic VRR technology, Ivanti Neurons provides enterprises with structured visual orchestration of incremental patch rollouts. This approach sharply reduces Mean-Time-to-Patch (MTTP), accelerating patches from targeted testing through full deployment and significantly decreasing the exposure windows that attackers exploit. Caption: The Ivanti Neurons interface visually manages deployment rings, success thresholds, patching progress and streamlining operational clarity. Source: Ivanti Neurons Comparing Ivanti Neurons, Microsoft Autopatch, Tanium and ServiceNow: Key strengths and gaps When selecting enterprise patch management solutions, apparent differences emerge among leading providers, including Microsoft Autopatch, Tanium, ServiceNow and Ivanti Neurons. Microsoft Autopatch relies on ring deployment but is restricted to Windows environments, including Microsoft 365 applications. Ivanti Neurons expands on this concept by covering a broader spectrum, including Windows, macOS, Linux and various third-party applications. This enables enterprise-wide patch management for organizations with large-scale, diverse infrastructure. Tanium stands out for its robust endpoint visibility and detailed reporting features, but its infrastructure requirements typically align better with resource-intensive enterprises. Meanwhile, ServiceNow’s strength lies in workflow automation and IT service management integrations. Executing actual patches often demands significant additional customization or third-party integrations. Ivanti Neurons aims to differentiate by integrating dynamic risk assessments, phased ring deployments and automated workflows within a single platform. It directly addresses common enterprise challenges in patch management, including visibility gaps, operational complexity and uncertainty about vulnerability prioritization with real-time risk assessments and intuitive visual dashboards. Caption: Ivanti Neurons provides real-time patch status, vulnerability assessments, and risk exposure metrics, ensuring continuous visibility. Source: Ivanti Neurons Transforming patch management into a strategic advantage Patching alone cannot eliminate vulnerability exposure. Gartner’s analysts continue to stress the necessity of integrating compensating controls, including endpoint protection platforms (EPP), multifactor authentication, and network segmentation to reinforce security beyond basic patching. Combining ring deployment with integrated compensating controls that are part of a broader zero-trust framework ensures security, allows IT teams to shrink exposure windows, and better manage cyber risks. Ivanti’s approach to ring deployment incorporates real-time risk assessments, automated remediation workflows, and built-in threat management, directly aligning patch management with broader business resilience strategies. The design decision to make it part of Neurons for Patch Management delivers the scale enterprises need to improve risk management’s real-time visibility.   Bottom line: Integrating ring deployment with compensating controls and prioritization tools transforms patch management from a reactive burden to a strategic advantage. Daily insights on business use cases with VB Daily If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI. Read our Privacy Policy Thanks for subscribing. Check out more VB newsletters here. An error occured.

May 16, 2025The Hacker NewsZero Trust / Data Protection Data is the lifeblood of productivity, and protecting sensitive data is more critical than ever. With cyber threats evolving rapidly and data privacy regulations tightening, organizations must stay vigilant and proactive to safeguard their most valuable assets. But how do you build an effective data protection framework? In this article, we'll explore data protection best practices from meeting compliance requirements to streamlining day-to-day operations. Whether you're securing a small business or a large enterprise, these top strategies will help you build a strong defense against breaches and keep your sensitive data safe. 1. Define your data goals When tackling any data protection project, the first step is always to understand the outcome you want. First, understand what data you need to protect. Identify your crown jewel data, and where you THINK it lives. (It's probably more distributed than you expect, but this is a key step to help you define your protection focus.) Work with business owners to find any data outside the typical scope that you need to secure. This is all to answer the question: "What data would hurt the company if it were breached?" Second, work with the C-suit and board of directors to define what your data protection program will look like. Understand your budget, your risk tolerance to data loss, and what resources you have (or may need). Define how aggressive your protection program will be so you can balance risk and productivity. All organizations need to strike a balance between the two. 2. Automate data classification Next, begin your data classification journey—that is, find your data and catalog it. This is often the most difficult step in the journey, as organizations create new data all the time. Your first instinct may be to try to keep up with all your data, but this may be a fool's errand. The key to success is to have classification capabilities everywhere data moves (endpoint, inline, cloud), and rely on your DLP policy to jump in when risk arises. (More on this later.) Automation in data classification is becoming a lifesaver thanks to the power of AI. AI-powered classification can be faster and more accurate than traditional ways of classifying data with DLP. Ensure any solution you are evaluating can use AI to instantly uncover and discover data without human input. 3. Focus on zero trust security for access control Adopting a zero trust architecture is crucial for modern data protection strategies to be effective. Based on the maxim "never trust, always verify," zero trust assumes security threats can come from inside or outside your network. Every access request is authenticated and authorized, greatly reducing the risk of unauthorized access and data breaches. Look for a zero trust solution that emphasizes the importance of least-privileged access control between users and apps. With this approach, users never access the network, reducing the ability for threats to move laterally and propagate to other entities and data on the network. The principle of least privilege ensures that users have only the access they need for their roles, reducing the attack surface. 4. Centralize DLP for consistent alerting Data loss prevention (DLP) technology is the core of any data protection program. That said, keep in mind that DLP is only a subset of a larger data protection solution. DLP enables the classification of data (along with AI) to ensure you can accurately find sensitive data. Ensure your DLP engine can consistently alert correctly on the same piece of data across devices, networks, and clouds. The best way to ensure this is to embrace a centralized DLP engine that can cover all channels at once. Avoid point products that bring their own DLP engine (endpoint, network, CASB), as this can lead to multiple alerts on one piece of moving data, slowing down incident management and response. Look to embrace Gartner's security service edge approach, which delivers DLP from a centralized cloud service. Focus on vendors that support the most channels so that, as your program grows, you can easily add protection across devices, inline, and cloud. 5. Ensure blocking across key loss channels Once you have a centralized DLP, focus on the most important data loss channels to your organization. (You'll need to add more channels as you grow, so ensure your platform can accommodate all of them and grow with you.) The most important channels can vary, but every organization focuses on certain common ones: Web/Email: The most common ways users accidentally send sensitive data outside the organization. SaaS data (CASB): Another common loss vector, as users can easily share data externally. Endpoint: A key focus for many organizations looking to lock down USB, printing, and network shares. Unmanaged devices/BYOD: If you have a large BYOD footprint, browser isolation is an innovative way to secure data headed to these devices without an agent or VDI. Devices are placed in an isolated browser, which enforces DLP inspection and prevents cut, paste, download, or print. (More on this later.) SaaS posture control (SSPM/supply chain): SaaS platforms like Microsoft 365 can often be misconfigured. Continuously scanning for gaps and risky third-party integrations is key to minimizing data breaches. IaaS posture control (DSPM): Most companies have a lot of sensitive data across AWS, Azure, or Google Cloud. Finding it all, and closing risky misconfigurations that expose it, is the driver behind data security posture management (DSPM). 6. Understand and maintain compliance Getting a handle on compliance is a key step for great data protection. You may need to keep up with many different regulations, depending on your industry (GDPR, PCI DSS, HIPAA, etc.). These rules are there to make sure personal data is safe and organizations are handling it the right way. Stay informed on the latest mandates to avoid fines and protect your brand, all while building trust with your customers and partners. To keep on top of compliance, strong data governance practices are a must. This means regular security audits, keeping good records, and making sure your team is well-trained. Embrace technological approaches that help drive better compliance, such as data encryption and monitoring tools. By making compliance part of your routine, you can stay ahead of risks and ensure your data protection is both effective and in line with requirements. 7. Strategize for BYOD Although not a concern for every organization, unmanaged devices present a unique challenge for data protection. Your organization doesn't own or have agents on these devices, so you can't ensure their security posture or patch level, wipe them remotely, and so on. Yet their users (like partners or contractors) often have legitimate reasons to access your critical data. You don't want sensitive data to land on a BYOD endpoint and vanish from your sight. Until now, solutions to secure BYOD have revolved around CASB reverse proxies (problematic) and VDI approaches (expensive). Browser isolation provides an effective and eloquent way to secure data without the cost and complexity of those approaches. By placing BYOD endpoints in an isolated browser (part of the security service edge), you can enforce great data protection without an endpoint agent. Data is streamed to the device as pixels, allowing interaction with the data but preventing download and cut/paste. You can also apply DLP inspection to the session and data based on your policy. 8. Control your cloud posture with SSPM and DSPM Cloud posture is one of the most commonly overlooked aspects of data hygiene. SaaS platforms and public clouds have many settings that DevOps teams without security expertise can easily overlook. The resulting misconfigurations can lead to dangerous gaps that expose sensitive data. Many of the largest data breaches in history have happened because such gaps let adversaries walk right in. SaaS security posture management (SSPM) and data security posture management (DSPM for IaaS) are designed to uncover and help remediate these risks. By leveraging API access, SSPM and DSPM can continuously scan your cloud deployment, locate sensitive data, identify misconfigurations, and remediate exposures. Some SSPM approaches also feature integrated compliance with frameworks like NIST, ISO, and SOC 2. 9. Don't forget about data security training Data security training is often where data protection programs fall apart. If users don't understand or support your data protection goals, dissent can build across your teams and derail your program. Spend time building a training program that highlights your objectives and the value data protection will bring the organization. Ensure upper management supports and sponsors your data security training initiatives. Some solutions offer built-in user coaching with incident management workflows. This valuable feature allows you to notify users about incidents via Slack or email for justification, education, and policy adjustment if needed. Involving users in their incidents helps promote awareness of data protection practices as well as how to identify and safely handle sensitive content. 10. Automate incident management and workflows Lastly, no data protection program would be complete without day-to-day operations. Ensuring your team can efficiently manage and quickly respond to incidents is critical. One way to ensure streamlined processes is to embrace a solution that enables workflow automation. Designed to automate common incident management and response tasks, this feature can be a lifesaver for IT teams. By saving time and money while improving response times, IT teams can do more with less. Look for solutions that have a strong workflow automation offering integrated into the SSE to make incident management efficient and centralized. Bringing it all together Data protection is not a one-time project; it's an ongoing commitment. Staying informed of data protection best practices will help you build a resilient defense against evolving threats and ensure your organization's long-term success. Remember: investing in data protection is not just about mitigating risks and preventing data breaches. It's also about building trust, maintaining your reputation, and unlocking new opportunities for growth. Learn more at zscaler.com/security Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More LangChain, one of the leaders in the AI framework and orchestration space, plans to remain committed to the open source ecosystem, particularly as it reinforces its vendor-agnostic stance.  Harrison Chase, Langchain co-founder and CEO, told VentureBeat that the success of its different platforms can be attributed to developers demanding model choice and not staying in a closed provider.  “The power of the LangChain framework is in its integrations and the ecosystem,” Chase said. “The scale of the ecosystem is enormous, and much of that is made possible by the framework being open source.” Chase said LangChain downloads reached 72.3 million last month, compared to competitors like OpenAI’s Agents SDK. He added that the LangChain Python and JS frameworks “have 4,500 contributors, that’s more contributors than Spark.” LangChain, founded in 2022, has grown beyond its initial framework, which helped developers build AI applications. In February last year, it released the testing and evaluation platform LangSmith, a second framework called LangGraph and LangGraph Platform to help deploy autonomous agents.  LangChain remained open source and agnostic to vendors and models throughout its growth. For example, it’s partnered with multiple companies, like Google and Cisco, around agent interoperability. As enterprises began experimenting with AI agents, Chase said LangChain saw an opportunity to offer deployment options that considered developer choices. “Over the past year and a half or so, more and more enterprises and companies are just looking to go into production. So we matured all of our offerings, not just the open source LangChain, but all of our offerings collectively as a company to meet that demand and make it as easy as possible to build agentic applications,” he said.  LangGraph Platform extends open-source offerings One of LangChain’s new open-source platforms is the LangGraph Platform, which became generally available this week. The LangGraph Platform lets developers manage and begin deploying long-lasting or stateful agents. These agents build on what Chase calls “ambient agents,” or agents that work in the background and are triggered by certain events.  “We’ve tried to focus a lot on some of the harder infrastructure problems that surround these agents,” Chase said. “LangGraph is good for long-running stateful agents, so if you’re deploying a simple application, you don’t want to use LangGraph Platform.” He added that the company wants to bet big on ambient or long-running agents, finding this more independent, autonomous agent a more interesting infrastructure challenge.  Through the LangGraph Platform, organizations can deploy agents with one-click deployment, horizontal scaling to handle “bursty, long-running traffic,” a persistence layer to support agentic memory, API endpoints for customization and native access to LangGraph Studio to debug any agents.  Organizations might find themselves bringing more and more agents online. LangGraph Platform includes a management console that lays out all the agents currently deployed and lets users find agents, reuse common agent architectures and create multi-agent architectures.” “One of the big benefits of LangGraph is that it gives the builder of the agent full control over the cognitive architecture. If there’s an [large language model] LLM action that must be done right, a good tool you have to enforce quality is to create an in-the-loop evaluation directly in your LangGraph app,” Chase said.  Chase added that with LangGraph, developers can access “a good orchestration framework” to build agents and bring these reliable agents into LangGraph Platform for deployment.  During the best test, Chase said over 370 teams used LangGraph Platform. LangChain offers three tiers to use LangGraph Platform, with pricing dependent on how developers plan to host the service.  The broader LangChain open-source ecosystem For Chase, one of LangChain’s strengths is its ability to create an entire application and agent development ecosystem.  LangSmith, the company’s testing and observability platform, works with LangGraph and LangGraph Platform to track agent metrics. Since many agents built and run with LangGraph Platform are longer-running, enterprises need to check whether they continue to perform to specifications constantly.  Chase boasted that LangGraph “is the most widely adopted agent framework” and claimed it’s downloaded more than AutoGen from Microsoft and the CrewAI agentic platform, once again citing the open-source value for its success. “LangGraph is most often selected by teams that need to build end-user facing or highly trafficked agents (LinkedIn, Uber, GitLab) – the reason is that you won’t scale off of LangGraph because it’s very low-level and controllable, which is needed for reliable agents. CrewAI and Autogen are often used because they have a less steep learning curve – these frameworks make more decisions for the user, so you’re trading ease of adoption for power,” he said. Daily insights on business use cases with VB Daily If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI. Read our Privacy Policy Thanks for subscribing. Check out more VB newsletters here. An error occured.

May 15, 2025The Hacker NewsRansomware Defense / Business Continuity Ransomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently disclosed how threat actors misused its Quick Assist remote assistance tool to deploy the destructive Black Basta ransomware strain. And what’s worse? Innovations like Ransomware-as-a-Service (RaaS) are lowering the bar for entry, making ransomware attacks more frequent and far-reaching than ever before. According to Cybersecurity Ventures, by 2031, a new ransomware attack is expected every 2 seconds, with projected damages hitting an astronomical $275 billion annually. No organization is immune to ransomware, and building a strong recovery strategy is equally, if not even more, important than attempting to prevent all attacks in the first place. A solid business continuity and disaster recovery (BCDR) strategy can be your last and most critical line of defense when ransomware breaks through, allowing you to bounce back quickly from the attack, resume operations and avoid paying ransom. Notably, the cost of investing in BCDR is negligible compared to the devastation that prolonged downtime or data loss can cause. In this article, we’ll break down the five essential BCDR capabilities you should have in place to effectively recover from ransomware. These strategies can mean the difference between swift recovery and business failure after an attack. Let’s explore what every organization must do before it’s too late. Follow the 3-2-1 (and then some!) backup rule The 3-2-1 backup rule has long been the gold standard: keep three copies of your data, store them on two different media and keep one copy off-site. But in the age of ransomware, that’s no longer enough. Experts now recommend the 3-2-1-1-0 strategy. The extra 1 stands for one immutable copy — a backup that can’t be changed or deleted. The 0 represents zero doubt in your ability to recover, with verified, tested recovery points. Why the upgrade? Ransomware doesn’t just target production systems anymore. It actively seeks and encrypts backups as well. That’s why isolation, immutability and verification are key. Cloud-based and air-gapped backup storage provide essential layers of protection, keeping backups out of reach from threats that even use stolen admin credentials. Having such immutable backups ensures recovery points remain untampered, no matter what. They’re your safety net when everything else is compromised. Plus, this level of data protection helps meet rising cyber insurance standards and compliance obligations. Bonus tip: Look for solutions offering a hardened Linux architecture to camouflage and isolate backups outside of the common Windows attack surface. Automate and monitor backups continuously Automation is powerful, but without active monitoring, it can become your biggest blind spot. While scheduling backups and automating verification saves time, it’s just as important to ensure that those backups are actually happening and that they’re usable. Use built-in tools or custom scripting to monitor backup jobs, trigger alerts on failures and verify the integrity of your recovery points. It’s simple: either monitor continuously or risk finding out too late that your backups never had your back. Regularly testing and validating the recovery points is the only way to trust your recovery plan. Bonus tip: Choose solutions that integrate with professional services automation (PSA) ticketing systems to automatically raise alerts and tickets for any backup hiccups. Protect your backup infrastructure from ransomware and internal threats Your backup infrastructure must be isolated, hardened and tightly controlled to prevent unauthorized access or tampering. You must: Lock down your backup network environment. Host your backup server in a secure local area network (LAN) segment with no inbound internet access. Allow outbound communication from the backup server only to approved vendor networks. Block all unapproved outbound traffic using strict firewall rules. Permit communication only between protected systems and the backup server. Use firewalls and port-based access control lists (ACLs) on network switches to enforce granular access control. Apply agent-level encryption so data is protected at rest, using keys generated from a secure passphrase only you control. Enforce strict access controls and authentication. Implement role-based access control (RBAC) with least-privilege roles for Tier 1 techs. Ensure multifactor authentication (MFA) for all access to the backup management console. Monitor audit logs continuously for privilege escalations or unauthorized role changes. Ensure audit logs are immutable. Review regularly for: Security-related events like failed logins, privilege escalations, deletion of backups and device removal. Administrative actions such as changes to backup schedules, changes to retention settings, new user creation and changes to user roles. Backup and backup copy (replication) success/failure rates and backup verification success/failure rates. Stay alert to serious risks. Configure automatic alerts for policy violations and high-severity security events, such as an unauthorized change to backup retention policies. Test restores regularly and include them in your DR plan Backups mean nothing if you can’t restore from them quickly and completely, and that’s why regular testing is essential. Recovery drills must be scheduled and integrated into your disaster recovery (DR) plan. The goal is to build muscle memory, reveal weaknesses and confirm that your recovery plan actually works under pressure. Start by defining the recovery time objective (RTO) and the recovery point objective (RPO) for every system. These determine how fast and how recent your recoverable data needs to be. Testing against those targets helps ensure your strategy aligns with business expectations. Importantly, don’t limit testing to one type of restore. Simulate file-level recoveries, full bare-metal restores and full-scale cloud failovers. Each scenario uncovers different vulnerabilities, such as time delays, compatibility issues or infrastructure gaps. Also, recovery is more than a technical task. Involve stakeholders across departments to test communication protocols, role responsibilities and customer-facing impacts. Who talks to clients? Who triggers the internal chain of command? Everyone should know their role when every second counts. Detect threats early with backup-level visibility When it comes to ransomware, speed of detection is everything. While endpoint and network tools often get the spotlight, your backup layer is also a powerful, often overlooked line of defense. Monitoring backup data for anomalies can reveal early signs of ransomware activity, giving you a critical head start before widespread damage occurs. Backup-level visibility allows you to detect telltale signs like sudden encryption, mass deletions or abnormal file modifications. For example, if a process begins overwriting file contents with random data while leaving all modified timestamps intact, that’s a major red flag. No legitimate program behaves that way. With smart detection at the backup layer, you can catch these behaviors and get alerted immediately. This capability doesn’t replace your endpoint detection and response (EDR) or antivirus (AV) solutions; it supercharges them. It speeds up triage, helps isolate compromised systems faster and reduces an attack’s overall blast radius. For maximum impact, choose backup solutions that offer real-time anomaly detection and support integration with your security information and event management (SIEM) or centralized logging systems. The faster you see the threat, the faster you can act — and that can be the difference between a minor disruption and a major disaster. Bonus tip: Train end users to recognize and report suspicious activity early If BCDR is your last line of defense, your end users are the first. Cybercriminals are increasingly targeting end users today. According to Microsoft Digital Defense Report 2024, threat actors are trying to access user credentials through various methods, such as phishing, malware and brute-force/password spray attacks. Over the last year, around 7,000 password attacks were blocked per second in Entra ID alone. In fact, ransomware attacks often begin with a single click, usually via phishing emails or compromised credentials. Regular security training — especially simulated phishing exercises — helps build awareness of red flags and risky behaviors. Equip your team with the knowledge to spot ransomware warning signs, recognize unsafe data practices and respond appropriately. Encourage immediate reporting of anything that seems off. Foster a culture of enablement, not blame. When people feel safe to speak up, they’re more likely to take action. You can even take it further by launching internal programs that reward vigilance, such as a Cybersecurity Hero initiative to recognize and celebrate early reporters of potential threats. Final thoughts Ransomware doesn’t have to be feared; it has to be planned for. The five BCDR capabilities we discussed above will equip you to withstand even the most advanced ransomware threats and ensure your organization can recover quickly, completely and confidently. To seamlessly implement these strategies, consider Datto BCDR, a unified platform that integrates all these capabilities. It’s built to help you stay resilient, no matter what happens. Don’t wait for a ransom note to discover that your backups weren’t enough. Explore how Datto can strengthen your ransomware resilience. Get custom Datto BCDR pricing today. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

A patch and a workaround are available but Ivanti urges users patch up.

May 14, 2025Ravie LakshmananVulnerability / Endpoint Security Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below - CVE-2025-4427 (CVSS score: 5.3) - An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials CVE-2025-4428 (CVSS score: 7.2) - A remote code execution vulnerability in Ivanti Endpoint Manager Mobile allowing attackers to execute arbitrary code on the target system The flaws impact the following versions of the product - 11.12.0.4 and prior (Fixed in 11.12.0.5) 12.3.0.1 and prior (Fixed in 12.3.0.2) 12.4.0.1 and prior (Fixed in 12.4.0.2) 12.5.0.0 and prior (Fixed in 12.5.0.1) Ivanti, which credited CERT-EU for reporting the issues, said it's "aware of a very limited number of customers who have been exploited at the time of disclosure" and that the vulnerabilities are "associated with two open-source libraries integrated into EPMM." The company, however, did not disclose the names of the impacted libraries. It's also not known what other software applications relying on the two libraries could be affected. Furthermore, the company said it's still investigating the cases, and that it does not have reliable indicators of compromise associated with the malicious activity. "The risk to customers is significantly reduced if they already filter access to the API using either the built-in Portal ACLs functionality or an external web application firewall," Ivanti noted. "The issue only affects the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti's cloud-based unified endpoint management solution, Ivanti Sentry, or any other Ivanti products." Separately, Ivanti has also shipped patches to contain an authentication bypass flaw in on-premise versions of Neurons for ITSM (CVE-2025-22462, CVSS score: 9.8) that could allow a remote unauthenticated attacker to gain administrative access to the system. There is no evidence that the security defect has been exploited in the wild. With zero-days in Ivanti appliances becoming a lightning rod for threat actors in recent years, it's imperative that users move quickly to update their instances to the latest versions for optimal protection. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

May 14, 2025Ravie LakshmananEndpoint Security / Vulnerability Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them are privilege escalation bugs, and 16 others are classified as information disclosure flaws. The updates are in addition to eight more security defects patched by the company in its Chromium-based Edge browser since the release of last month's Patch Tuesday update. The five vulnerabilities that have come under active exploitation in the wild are listed below - CVE-2025-30397 (CVSS score: 7.5) - Scripting Engine Memory Corruption Vulnerability CVE-2025-30400 (CVSS score: 7.8) - Microsoft Desktop Window Manager (DWM) Core Library Elevation of Privilege Vulnerability CVE-2025-32701 (CVSS score: 7.8) - Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability CVE-2025-32706 (CVSS score: 7.8) - Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2025-32709 (CVSS score: 7.8) - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability While the first three flaws have been credited to Microsoft's own threat intelligence team, Benoit Sevens of Google Threat Intelligence Group and the CrowdStrike Advanced Research Team have been acknowledged for the discovery of CVE-2025-32706. An anonymous researcher has been credited with reporting CVE-2025-32709. "Another zero-day vulnerability has been identified in the Microsoft Scripting Engine, a key component used by Internet Explorer and Internet Explorer mode in Microsoft Edge," Alex Vovk, CEO and co-founder of Action1, said about CVE-2025-30397. "Attackers can exploit the flaw via a malicious web page or script that causes the scripting engine to misinterpret object types, resulting in memory corruption and arbitrary code execution in the context of the current user. If the user has administrative privileges, attackers could gain full system control – enabling data theft, malware installation, and lateral movement across networks." CVE-2025-30400 is the third privilege escalation flaw in DWM Core Library to be weaponized in the wild since 2023. In May 2024, Microsoft issued patches for CVE-2024-30051, which Kaspersky said was used in attacks distributing QakBot (aka Qwaking Mantis) malware. "Since 2022, Patch Tuesday has addressed 26 elevation of privilege vulnerabilities in DWM," Satnam Narang, senior staff research engineer at Tenable, said in a statement shared with The Hacker News. "In fact, the April 2025 release included fixes for five DWM Core Library elevation of privilege vulnerabilities. Prior to CVE-2025-30400, only two DWM elevation of privilege bugs were exploited as zero days – CVE-2024-30051 in 2024 and CVE-2023-36033 in 2023." CVE-2025-32701 and CVE-2025-32706 are the seventh and eighth privilege escalation flaws to be discovered in the CLFS component and have been exploited in real-world attacks since 2022. Last month, Microsoft revealed that CVE-2025-29824 was exploited in limited attacks to target companies in the U.S., Venezuela, Spain, and Saudi Arabia. CVE-2025-29824 is also said to have been exploited as a zero-day by threat actors linked to the Play ransomware family as part of an attack targeting an unnamed organization in the U.S., Broadcom-owned Symantec revealed earlier this month. CVE-2025-32709, likewise, is the third privilege escalation flaw in the Ancillary Function Driver for WinSock component to have come under abuse within a span of a year, after CVE-2024-38193 and CVE-2025-21418. It's worth noting that the exploitation of CVE-2024-38193 has been attributed to the North Korea-linked Lazarus Group. The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add all five vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by June 3, 2025. Microsoft's Patch Tuesday update also addresses a privilege escalation bug in Microsoft Defender for Endpoint for Linux (CVE-2025-26684, CVSS score: 6.7) that could permit an authorized attacker to elevate privileges locally. Stratascale researcher Rich Mirch, who is one of the two researchers, acknowledged for reporting the vulnerability, said the issue is rooted in a Python helper script that includes a function ("grab_java_version()") to determine the Java Runtime Environment (JRE) version. "The function determines the location of the Java binary on disk by checking the /proc/<PID>/exe symbolic link and then executes the java -version command," Mirch explained. "The problem is the Java binary could be running from an untrusted location. A malicious local unprivileged user can create a process with the name java or javaw, which will eventually be executed with root privileges to determine the version of the JRE." Another notable flaw is a spoofing vulnerability affecting Microsoft Defender for Identity (CVE-2025-26685, CVSS score: 6.5) that allows an attacker with LAN access to perform spoofing over an adjacent network. "The lateral movement path detection feature can itself potentially be exploited by an adversary to obtain an NTLM hash," Adam Barnett, lead software engineer at Rapid7, said in a statement. "The compromised credentials in this case would be those of the Directory Services account, and exploitation relies on achieving fallback from Kerberos to NTLM." The vulnerability with the maximum-severity is CVE-2025-29813 (CVSS score: 10.0), a privilege escalation flaw in Azure DevOps Server that allows an unauthorized attacker to elevate privileges over a network. Microsoft said the shortcoming has been already deployed in the cloud and there is no action required on the part of customers. Software Patches from Other Vendors In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including — Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

"We're excited to become a clinical-stage biotech company; it's exciting from an AI drug discovery standpoint," says Absci founder and CEO Sean McClain. AbsciArtificial intelligence has been working its way into the drug development process for years now, but with little to show so far in revamping the notoriously burdensome process. While drugs are being developed using AI in a variety of ways, no drugs developed completely by AI, from start to finish, have so far made it over the finish line of regulatory approval. For that reason, every attempt by an AI drug to get approval is a landmark of sorts. Tuesday, drug development startup Absci, based in Vancouver, Washington, announced such a landmark, the beginning of a Phase I clinical trial for a therapy it built from scratch using generative AI to treat irritable bowel disease. The company announced it has "dosed" the first patients in Phase I trials, meaning, administering doses of its drug, ABS-101, to healthy volunteers. "This is a very big milestone for the company," said Sean McClain, founder and CEO of Absci, in a conversation with me via Google Meet Tuesday afternoon."We're excited to become a clinical-stage biotech company; it's exciting from an AI drug discovery standpoint," he said.Phase I is the first of three phases in a proposed drug's clinical trial process that must be completed in order for the drug to be considered for approval by regulators (the Food & Drug Administration in the US). The purpose of Phase I is to prove that no adverse side effects result from the drug being put into humans for the first time.  Absci describes the process:The Phase 1 (ACTRN12625000212459p) randomized, double-blind, placebo-controlled, first-in-human study of single ascending doses of ABS-101 will evaluate safety, tolerability, pharmacokinetics (PK), and pharmacodynamics (PD) in healthy volunteers. The study is expected to enroll approximately 40 healthy adult participants. The primary endpoint is safety and tolerability, with PK, PD, and immunogenicity serving as secondary endpoints. The Phase 1 interim data readout is expected in the second half of 2025. Absci has used AI to dramatically streamline the drug development and pre-clinical process, known as the "front end" of drug development, where the discovery of drugs happens, and the initial validation using in vitro and in vivo animal models, before being put into human subjects. ABS-101 was developed from scratch and brought to the clinic in just 24 months, and at a cost of $15 million."Because of AI, we got to the clinic in roughly half the time, from five years to just over 24 months," McClain told me, "and with an order-of-magnitude less cost, $15 million to get this asset into the clinic versus what typically costs $50 to $100 million.Absci's AI-driven software tools, combined with its own wet lab, are a virtual reinvention of laboratory procedures.The company uses generative AI "to predict antibodies from scratch that can bind to a target of interest," McClain said. Traditionally, scientists in a wet lab would use an animal's immune system to generate an antibody. With generative AI, the antibody can be created as a computer model.Absci's ABS-101 is the first drug the company has ever brought to the clinic after over a decade spent on fundamental computer work and wet lab work. It is the company's lead drug candidate in its pipeline of drugs. The novel ABS-101 antibody, developed using generative AI, binds to the TL1A protein in immune cells whose over-expression has been linked to a variety of inflammatory autoimmune diseases.  Absci AbsciNot only did AI cut time and costs, but it has brought other novel advantages, said Christian Stegmann, the company's head of drug development, on the same call."Others have brought antibodies to the clinic that have had shortcomings, which we've tried to address," he said. A big issue has been that prior therapies "lead the patient to develop anti-drug antibodies, which can lead the patients to needing to switch treatments." The ABS-101, he said, is intended to have "reduced immunogenicity risk" by design, which will hopefully mean less drug resistance.In addition, the AI techniques allowed the company to go immediately to a "subcutaneous" method of administering the dose, rather than via a drip into the vein, as is standard in Phase I trials. "That is unusual; it usually comes much later in clinical development settings," said Stegmann. Using a needle versus a drip is important because, ideally, the final drug will be self-administered by patients. If the drug is already being tried out via needle rather than drip, it brings the therapy that much closer to its final form. "That allows us to be quicker in the overall clinical development pipeline, and to gather data for the setting that is actually going to reach the market" in the drug's final form, assuming it is ultimately approved."This is an advantage of AI," McClain said, "this ability to model not just for affinity and potency, but also to optimize for the manufacturability and such -- to go to all the attributes you want in the first go-around; that really helps."The full Phase I clinical trial will extend well into next year, said McClain and Stegmann. Gathering results is somewhat longer than for other Phase I trials because ABS-101 was designed to extend the time between doses. That is a benefit for patients as it makes less frequent dosing (less frequent needle pricks) possible, but it means the trial takes longer to carry out those dosages. "We have a long half life we have to monitor for a while," explained Stegmann.Well before the completion of Phase I, later this year, McClain expects to have a meaningful "read-out" of initial data from the Phase I. "We are going to, in Phase I, understand important pieces [of the whole trial process], as well as confirming whether we see the extended half-life" of the dosage, said McClain. "We will also get a look at the immunogenicity profile; there will be a lot of good information, as far as being able to show the efficacy" of ABS-101.Because of the incremental data Absci will get later this year, they will know enough to seek approval for Phase II and begin recruiting subjects before the completion of Phase I. Phase II is where the intense work of measuring the drug's effectiveness takes place, said McClain. "It's fair to say we will be moving faster into Phase II" than might otherwise be the case, he said. After ABS-101, McClain's next candidate approaching clinical trials is ABS-201, which has two indications of note, one for treating hair loss in the form of alopecia, and another for endometriosis. ABS-201 is expected to enter a Phase I trial in the first half of next year, McClain said.By any measure, drug development needs an overhaul. Creating new drugs, or even repurposing old ones, comes with an enormous cost. A new drug takes, on average, 10 years to develop, from fundamental chemistry through clinical trials to regulatory approval. It can cost almost $3 billion, and the failure rate of most new drug candidates is 96%. There has been a lot of activity so far, without a breakthrough AI drug. The US Food & Drug Administration's Center for Drug Evaluation and Research received over 500 drug applications through 2023 that used some sort of "AI component," according to CDER's materials on AI in drug development. But, as Nature Magazine's Melanie Senior reported in December, "No AI-enabled drug candidate has yet made it past regulators, despite several being in clinical trials."Aside from Absci, a small cohort of startups have made progress getting into trials even if they don't yet have a clinical result. For example, BPGbio of Framingham, Mass., has a drug for pancreatic cancer, developed using AI approaches, that is working its way through Phase II clinical trials.  Beyond the results of ABS-101, and other trials, the goal of Absci is to ultimately "predict the biology." That means the company will seek to "actually start to predict where an antibody should bind to a target to give us the biological response that we want."Absci's stock is publicly traded on Nasdaq. The shares have defied a tough stock market this year, rising 12% versus a 2% decline for the Nasdaq Composite Index. After hours on Tuesday, as Absci issued its press release, the stock surged by as much as 25% in late trading. Featured