MITRE: Cross-Site Scripting Is 2024's Most Dangerous Software Weakness

In addition to XSS, MITRE and CISA's 2024 list of the 25 most dangerous security vulnerability types (CWEs) also flagged out-of-bounds write, SQL injection, CSRF, and path traversal.

Published on: November 21, 2024 | Source: Dark Reading

Cross-Site Scripting Is 2024's Most Dangerous Software Weakness

MITRE and CISA's 2024 list of the 25 most dangerous software weaknesses exposes the need for organizations to continue to invest in secure code.

Published on: November 21, 2024 | Source: Dark Reading

Microsoft Takes Action Against Phishing-as-a-Service Platform

The ONNX infrastructure has been servicing criminal actors as far back as 2017.

Published on: November 21, 2024 | Source: Dark Reading

RSA Conference 2025 Innovation Sandbox Contest Celebrates 20th Anniversary

Starting in 2025, the RSAC Innovation Sandbox Top 10 Finalists will each receive a $5 million investment to drive cybersecurity innovation.

Published on: November 21, 2024 | Source: Dark Reading

Cloud Security Startup Wiz to Acquire Dazz in Risk Management Play

Dazz's remediation engine will boost risk management in Wiz's cloud security portfolio.

Published on: November 21, 2024 | Source: Dark Reading

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.

Published on: November 21, 2024 | Source: Krebs on Security

Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant

In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems.

Published on: November 21, 2024 | Source: Dark Reading

Microsoft seizes websites tied to Egypt-based DIY phishing kit-maker

The kits, which the company said were a sophisticated approach to bypassing multifactor authentication, pose a particular threat to the financial services sector.

Published on: November 21, 2024 | Source: CyberScoop

Scattered Spider Cybercrime Members Face Prison Time

Four of the arrested individuals of the cybercriminal gang, known for hacking MGM and Caesars, are American, all of whom could face up to 27 years in prison for the charges against them.

Published on: November 21, 2024 | Source: Dark Reading

How a Mental Health Nonprofit Secures Endpoints for Compassionate Care

Consolidating endpoint management boosts cybersecurity while keeping an Oklahoma-based nonprofit focused on community mental health.

Published on: November 21, 2024 | Source: Dark Reading

Meta cracks down on millions of accounts it tied to pig-butchering scams

It’s one part of a strategy to combat the fast-growing scheme that has cost victims billions of dollars.

Published on: November 21, 2024 | Source: CyberScoop

Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign

As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under active exploitation in the wild. According to statistics shared by the Shadowserver Foundation, a majority of the infections have been reported in the U.S. (554) and India (461), followed by Thailand (80), Mexico (48), Indonesia

Published on: November 21, 2024 | Source: The Hacker News

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That's according to findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in March 2023.

Published on: November 21, 2024 | Source: The Hacker News

Cybersecurity Is Critical, but Breaches Don't Have to Be Disasters

The future of cybersecurity isn't about preventing every breach — it's about learning and growing stronger with each attack.

Published on: November 21, 2024 | Source: Dark Reading

Privacy-focused mobile phone launches for high-risk individuals

The mobile company Cape’s Android-based phone complies with U.S. law but claims to offer a higher degree of privacy for users.

Published on: November 21, 2024 | Source: CyberScoop

How Can PR Protect Companies During a Cyberattack?

When a cybersecurity incident occurs, it's not just IT systems and data that are at risk — a company's reputation is on the line, too.

Published on: November 21, 2024 | Source: Dark Reading

10 Most Impactful PAM Use Cases for Enhancing Organizational Security

Privileged access management (PAM) plays a pivotal role in building a strong security strategy. PAM empowers you to significantly reduce cybersecurity risks, gain tighter control over privileged access, achieve regulatory compliance, and reduce the burden on your IT team. As an established provider of a PAM solution, we’ve witnessed firsthand how PAM transforms organizational security. In

Published on: November 21, 2024 | Source: The Hacker News

North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs

Threat actors with ties to the Democratic People's Republic of Korea (DPRK) are impersonating U.S.-based software and technology consulting businesses in order to further their financial objectives as part of a broader information technology (IT) worker scheme. "Front companies, often based in China, Russia, Southeast Asia, and Africa, play a key role in masking the workers' true origins and

Published on: November 21, 2024 | Source: The Hacker News

Secret Service Tracking People’s Locations without Warrant

This feels important: The Secret Service has used a technology called Locate X which uses location data harvested from ordinary apps installed on phones. Because users agreed to an opaque terms of service page, the Secret Service believes it doesn’t need a warrant.

Published on: November 21, 2024 | Source: Schneier on Security

Cyber Story Time: The Boy Who Cried "Secure!"

As a relatively new security category, many security operators and executives I’ve met have asked us “What are these Automated Security Validation (ASV) tools?” We’ve covered that pretty extensively in the past, so today, instead of covering the “What is ASV?” I wanted to address the “Why ASV?” question. In this article, we’ll cover some common use cases and misconceptions of how people misuse

Published on: November 21, 2024 | Source: The Hacker News

Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

New research has uncovered more than 145,000 internet-exposed Industrial Control Systems (ICS) across 175 countries, with the U.S. alone accounting for over one-third of the total exposures. The analysis, which comes from attack surface management company Censys, found that 38% of the devices are located in North America, 35.4% in Europe, 22.9% in Asia, 1.7% in Oceania, 1.2% in South America,

Published on: November 21, 2024 | Source: The Hacker News

Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine

ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, and to Project Wood

Published on: November 21, 2024 | Source: WeLiveSecurity

5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme

Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars. All of the accused parties have been

Published on: November 21, 2024 | Source: The Hacker News

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. "These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets,"

Published on: November 21, 2024 | Source: The Hacker News

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher

Published on: November 21, 2024 | Source: The Hacker News

It's Near-Unanimous: AI, ML Make the SOC Better

Efficiency is the name of the game for the security operations center — and 91% of cybersecurity pros say artificial intelligence and machine learning are winning that game.

Published on: November 20, 2024 | Source: Dark Reading

CISOs can now obtain professional liability insurance

A new business insurance offering can shield CISOs from personal losses in the event of a lawsuit.

Published on: November 20, 2024 | Source: CyberScoop

China's 'Liminal Panda' APT Attacks Telcos, Steals Phone Data

In US Senate testimony, a CrowdStrike exec explained how this advanced persistent threat penetrated telcos in Asia and Africa, gathering SMS messages, unique identifiers, and other metadata along the way.

Published on: November 20, 2024 | Source: Dark Reading

US charges five men linked to ‘Scattered Spider’ with wire fraud

The men have been charged with conspiracy to commit wire fraud.

Published on: November 20, 2024 | Source: CyberScoop

Vulnerability disclosure policy bill for federal contractors clears Senate panel

The Homeland Security and Governmental Affairs Committee on Wednesday also advanced legislation to strengthen the federal IT supply chain.

Published on: November 20, 2024 | Source: CyberScoop