
Tag: Security


Access control, Security

Windows 11 is officially killing off passwords and bringing in passkeys

September 22, 2023

Via: TechRadar

Microsoft is expanding passkey support with Windows 11, meaning users will soon be able to take better advantage of the new technology. In a blog post on its site, the company said that with the upcoming update to the operating […]


Cloud security, Security

Cisco Secure Application provides business risk insights for cloud native apps

September 13, 2023

Via: Help Net Security

Cisco has unveiled Cisco Secure Application (previously Security Insights for Cloud Native Application Observability) on the Cisco Full-Stack Observability Platform, enabling organizations to bring together application and security teams to securely develop and deploy applications. The latest release of Cisco […]


Application security, Security

Wing and Drata join forces to ensure a way to keep SaaS compliant

September 12, 2023

Via: Help Net Security

Wing Security has partnered with Drata to integrate SaaS security controls, robust insights, and automation in order to streamline and expedite user access reviews and vendor risk assessments for compliance frameworks and standards such as SOC 2 and ISO 27001. […]


Editorial

Security for Smart Vehicles: Safeguarding the Automotive Industry’s Digital Evolution

August 31, 2023

Via: Rassell Neal

As with every other industry, the automotive sector has seen a massive uptick in cyberthreats since its digital transformation started to pick up pace. The incorporation of Internet of Things (IoT) devices, infotainment systems, autonomous driving, and other connected technologies […]


Network security, Security

Survey Provides Takeaways for Security Pros to Operationalize their Remediation Life Cycle

August 29, 2023

Via: The Hacker News

Ask any security professional and they’ll tell you that remediating risks from various siloed security scanning tools requires a tedious and labor-intensive series of steps focused on deduplication, prioritization, and routing of issues to an appropriate “fixer” somewhere in the […]


Network security, Security

Navigating Legacy Infrastructure: A CISO’s Actionable Strategy for Success

August 25, 2023

Via: The Hacker News

Every company has some level of tech debt. Unless you’re a brand new start-up, you most likely have a patchwork of solutions that have been implemented throughout the years, often under various leadership teams with different priorities and goals. As […]


Threats & Malware, Virus & Malware

U.K. Electoral Commission Breach Exposes Voter Data of 40 Million Britons

August 9, 2023

Via: The Hacker News

The U.K. Electoral Commission on Tuesday disclosed a “complex” cyber attack on its systems that went undetected for over a year, allowing the threat actors to access years' worth of voter data belonging to 40 million people. “The incident was […]


Network security, Security

How to Apply MITRE ATT&CK to Your Organization

July 11, 2023

Via: The Hacker News

What is the MITRE ATT&CK Framework? MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a widely adopted framework and knowledge base that outlines and categorizes the tactics, techniques, and procedures (TTPs) used in cyberattacks. Created by the nonprofit organization […]


Threats & Malware, Vulnerabilities

Critical FortiOS and FortiProxy Vulnerability Likely Exploited – Patch Now!

June 13, 2023

Via: The Hacker News

Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been “exploited in a limited number of cases” in attacks targeting government, manufacturing, and critical infrastructure sectors. The vulnerability, tracked as CVE-2023-27997 (CVSS score: […]


Threats & Malware, Vulnerabilities

Password Reset Hack Exposed in Honda’s E-Commerce Platform, Dealers Data at Risk

June 12, 2023

Via: The Hacker News

Security vulnerabilities discovered in Honda’s e-commerce platform could have been exploited to gain unrestricted access to sensitive dealer information. “Broken/missing access controls made it possible to access all data on the platform, even when logged in as a test account,” […]


Access control, Security

5 Reasons Why Access Management is the Key to Securing the Modern Workplace

June 9, 2023

Via: The Hacker News

The way we work has undergone a dramatic transformation in recent years. We now operate within digital ecosystems, where remote work and the reliance on a multitude of digital tools is the norm rather than the exception. This shift – […]


Threats & Malware, Vulnerabilities

Zyxel Issues Critical Security Patches for Firewall and VPN Products

May 25, 2023

Via: The Hacker News

Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities […]


Access control, Security

GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets

May 11, 2023

Via: The Hacker News

GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature […]


Data loss, Threats & Malware

Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Compromised

May 5, 2023

Via: The Hacker News

PHP software package repository Packagist revealed that an “attacker” gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. “The attacker forked each of the packages and replaced […]


Threats & Malware, Virus & Malware

Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks

May 3, 2023

Via: Dark Reading

When discussing ransomware groups, too often the focus is on their names, such as Noberus, Royal, and AvosLocker, rather than the tactics, techniques, and procedures (TTPs) used in an attack before ransomware is deployed. For example, the particularly heavy use […]


Cloud security, Security

What’s the Difference Between CSPM & SSPM?

April 17, 2023

Via: The Hacker News

Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) are frequently confused. The similarity of the acronyms notwithstanding, both security solutions focus on securing data in the cloud. In a world where the terms cloud and SaaS are […]


Access control, Security

Google Launches New Cybersecurity Initiatives to Strengthen Vulnerability Management

April 13, 2023

Via: The Hacker News

Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. “While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they’re known and fixed, which […]


Privacy protection, Security

Majority of US IT Pros Told to Keep Quiet About Data Breaches

April 13, 2023

Via: Dark Reading

While an increasing number of regulations have made the reporting of data breaches mandatory, a majority of IT professionals in the United States say they have been told to keep quiet about an incident, potentially running afoul of legal requirements. […]


Access control, Security

1Password Unlock with SSO helps enterprises secure their employees

March 10, 2023

Via: Help Net Security

1Password has launched Unlock with Single Sign-On (SSO) which enables enterprise customers to use Okta for unlocking their 1Password accounts, with Azure AD and Duo integration to follow in the coming months. Unlock with SSO helps IT teams improve their […]


Application security, Security

The emergence of trinity attacks on APIs

February 2, 2023

Via: Help Net Security

When it comes to attacks against application programming interfaces (APIs), the building blocks that provide access to many of our applications, the OWASP API Top Ten is seen as definitive – and rightly so. Compiled in 2019 based on a […]