Application security, Security
November 28, 2023
Via: SecureWorld
In the ever-evolving landscape of computer security, many innovations flood the market, each boasting its efficacy. As a regular attendee of security conferences and contributor to security books, it’s evident to me that the field remains a hot topic. However, […]
November 7, 2023
Via: The Register
The UK government has set in train plans to introduce legislation requiring tech companies to let it know when they plan to introduce new security technologies and could potentially force them to disable when required. The measures were announced just […]
October 26, 2023
Via: TechRadar
For a third of small and medium-sized businesses (SMBs) thinking about migrating their infrastructure to the cloud, security is not a strategic priority, new research has claimed. A new Amazon Web Services report surveying more than 800 C-suite executives, vice […]
Threats & Malware, Virus & Malware
October 16, 2023
Via: TechRadar
Hackers are reportedly abusing compromised Skype accounts in an attempt to distribute the DarkGate malware. In a new report, Trend Micro researchers claimed multiple Skype accounts had been compromised and then used to share a VBA loader script attachment. The […]
October 9, 2023
Via: TechRadar
A global CRM provider kept a major client database sitting unprotected on the public web, available to anyone who knew where to look, new research has claimed. The database contained hundreds of thousands of records, many of which were personally […]
October 6, 2023
Via: TechRadar
It looks like the second coming of Spyhide was a short-lived one, with the infamous spyware now truly done and dusted. As reported by TechCrunch, the spyware’s back-end server, which survived the first shutdown intact (and was the reason why […]
Threats & Malware, Vulnerabilities
October 2, 2023
Via: The Register
Security researchers have spotted what they believe to be a “possible mass exploitation” of vulnerabilities in Progress Software’s WS_FTP Server. Researchers at Rapid7 began noticing evidence of exploitation on 30 September across multiple instances of WS_FTP. Progress released fixes for […]
September 26, 2023
Via: TechRadar
A concerning amount of companies are pretty woeful in reporting the cyberattacks and breaches they suffer, both internally and externally. Research conducted by Keeper Security found that nearly half (48%) of the IT and security leaders it surveyed that have […]
September 22, 2023
Via: TechRadar
Microsoft is expanding passkey support with Windows 11, meaning users will soon be able to take better advantage of the new technology. In a blog post on its site, the company said that with the upcoming update to the operating […]
September 13, 2023
Via: Help Net Security
Cisco has unveiled Cisco Secure Application (previously Security Insights for Cloud Native Application Observability) on the Cisco Full-Stack Observability Platform, enabling organizations to bring together application and security teams to securely develop and deploy applications. The latest release of Cisco […]
Application security, Security
September 12, 2023
Via: Help Net Security
Wing Security has partnered with Drata to integrate SaaS security controls, robust insights, and automation in order to streamline and expedite user access reviews and vendor risk assessments for compliance frameworks and standards such as SOC 2 and ISO 27001. […]
August 31, 2023
Via: Rassell Neal
As with every other industry, the automotive sector has seen a massive uptick in cyberthreats since its digital transformation started to pick up pace. The incorporation of Internet of Things (IoT) devices, infotainment systems, autonomous driving, and other connected technologies […]
August 29, 2023
Via: The Hacker News
Ask any security professional and they’ll tell you that remediating risks from various siloed security scanning tools requires a tedious and labor-intensive series of steps focused on deduplication, prioritization, and routing of issues to an appropriate “fixer” somewhere in the […]
August 25, 2023
Via: The Hacker News
Every company has some level of tech debt. Unless you’re a brand new start-up, you most likely have a patchwork of solutions that have been implemented throughout the years, often under various leadership teams with different priorities and goals. As […]
Threats & Malware, Virus & Malware
August 9, 2023
Via: The Hacker News
The U.K. Electoral Commission on Tuesday disclosed a “complex” cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years worth of voter data belonging to 40 million people. “The incident was […]
July 11, 2023
Via: The Hacker News
What is the MITRE ATT&CK Framework? MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a widely adopted framework and knowledge base that outlines and categorizes the tactics, techniques, and procedures (TTPs) used in cyberattacks. Created by the nonprofit organization […]
Threats & Malware, Vulnerabilities
June 13, 2023
Via: The Hacker News
Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been “exploited in a limited number of cases” in attacks targeting government, manufacturing, and critical infrastructure sectors. The vulnerability, tracked as CVE-2023-27997 (CVSS score: […]
Threats & Malware, Vulnerabilities
June 12, 2023
Via: The Hacker News
Security vulnerabilities discovered in Honda’s e-commerce platform could have been exploited to gain unrestricted access to sensitive dealer information. “Broken/missing access controls made it possible to access all data on the platform, even when logged in as a test account,” […]
June 9, 2023
Via: The Hacker News
The way we work has undergone a dramatic transformation in recent years. We now operate within digital ecosystems, where remote work and the reliance on a multitude of digital tools is the norm rather than the exception. This shift – […]
Threats & Malware, Vulnerabilities
May 25, 2023
Via: The Hacker News
Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities […]