Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers
The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.
Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model
Netflix's unpopular password-sharing policy change had a positive cybersecurity silver lining. Can more B2C service providers nudge their users toward secure authentication?
MacOS 'Migraine' Bug: Big Headache for Device System Integrity
Microsoft says the vulnerability could allow cyberattackers with root access to bypass security protections and install malware.
Ways to Help Cybersecurity's Essential Workers Avoid Burnout
To support and retain the people who protect assets against bad actors, organizations should create a more defensible environment.
What Apple's RSRs Reveal About Mac Patch Management
Apple's Rapid Security Response updates are designed to patch critical security vulnerabilities, but how much good can they do when patching is a weeks-long process?
Investment May Be Down, but Cybersecurity Remains a Hot Sector
There's still a great deal of capital available for innovative companies helping businesses secure their IT environments.
Checkmarx Announces GenAI-powered AppSec Platform, Empowering Developers and AppSec Teams to Find and Fix Vulnerabilities Faster
Powered by GPT-4, innovative new AI-driven capabilities lower application security (AppSec) risk and help security teams "shift everywhere" with speed and accuracy.
New eID Scheme Gives EU Citizens Easy Access to Public Services Online
The European Commission voted a new electronic identification scheme that creates new opportunities for EU citizens and businesses.
Mirai Variant Opens Tenda, Zyxel Gear to RCE, DDoS
Researchers have observed several cyberattacks leveraging a botnet called IZ1H9, which exploits vulnerabilities in exposed devices and servers running on Linux.
Focus Security Efforts on Choke Points, Not Visibility
By finding the places where attack paths converge, you can slash multiple exposures in one fix for more efficient remediation.
Salesforce 'Ghost Sites' Expose Sensitive Corporate Data
Some companies have moved on from using Salesforce. But without remembering to fully deactivate their clouds, Salesforce won't move on from them.
Spotlight on 2023 Dan Kaminsky Fellow: Dr. Gus Andrews
As the second Kaminsky Fellow, Dr. Andrews will study the use of threat intelligence to track campaigns against the human rights community.
Human-Assisted CAPTCHA-Cracking Services Supercharge Shopper Bots
On-demand human solvers are now augmenting automated website cyberattacks, offering a better way around tougher anti-bot puzzles.
421M Spyware Apps Downloaded Through Google Play
A Trojan SDK snuck past Google Play protections to infest 101 Android applications, bent on exfiltrating infected device data.
Undetected Attacks Against Middle East Targets Conducted Since 2020
Targeted attacks against Saudi Arabia and other Middle East nations have been detected with a tool that's been in the wild since 2020.
9M Dental Patients Affected by LockBit Attack on MCNA
The government-sponsored dental and oral healthcare provider warned its customers that a March attack exposed sensitive data, some of which was leaked online by the ransomware group.
Pentagon Leaks Emphasize the Need for a Trusted Workforce
Tightening access controls and security clearance alone won't prevent insider threat risks motivated by lack of trust or loyalty.
Top Cyberattacks Revealed in New Threat Intelligence Report
New report provides actionable intelligence about attacks, threat actors, and campaigns.
2 Lenses for Examining the Safety of Open Source Software
Improving the security of open source repositories and keeping malicious components out requires a combination of technology and people.
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
Feds, you’ll need a warrant for that cellphone border search
Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…
Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?
height="315" class="aligncenter size-full wp-image-292324" />
ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"?
All this and...
