Thursday, June 1, 2023

Deconstructing DevSecOps: Why A DevOps-Centric Approach To Security Is Needed In 2023

Is the problem with DevSecOps none other than DevSecOps itself? Maybe we should be thinking in terms of a DevOps-centric approach to security instead.

Google Issues Security Warning For Android TV Users

That Android TV OS device may not be as secure as you think or, indeed, a licensed Android TV OS device at all, Google warns users.

The Sobering Truth About Ransomware—For The 80 Percent Who Paid Up

Newly published research of 1,200 organizations impacted by ransomware reveals the sobering truth that awaits many of those who decide to pay the ransom.

Infinidat Continues Momentum With New Cloud & Cyber-Resiliency Offerings

Infinidat recently unveiled its new InfuzeOS Cloud Edition along with new cyber-detection capabilities with its InfiniSafe Threat Detection. Let's get into each.

Here’s How To Hack Google For Sport And Money In 2023

Google hackers can win big and make money by earning entry to the Hackceler8 eSports competition in Tokyo by climbing the Google CTF hacking leaderboard. Here’s how.

China Cyberattacked The US. Corporations Are On The Front Lines.

China's cyberattack on Guam presages a cruel reality of any future US-China conflict: civilians are on the front lines, and corporations must defend them.

UK Pandemic Programs Failed To Protect Citizens' Health Data, Say Campaigners

The UK's Information Commissioner’s Office (ICO) repeatedly failed to take action over clear breaches of data protection law by the government, according to privacy ca...

Right-Hand Cybersecurity Focuses On Human Behavior To Mitigate Attacks

If there is a single common factor for most security breaches, it’s because people are involved.

Ignoring Cybersecurity Is Intellectually Dishonest

The latest report by cybersecurity firm Sophos showed how 97% of organizations suffered a breach in the last year.

New Cooperative Cybersecurity Models Needed In An Era Of Global Risk

Cybersecurity risks to national security are evolving as hybrid wars are changing the threat landscape. There is an urgency to examine the scope and limitations of existing security strategies in the United States and (NATO)

Record EU Fine For Meta Throws U.S. Data Transfers Into Doubt

Meta has been hit with a €1.2 billion fine, following a decision by the Irish Data Protection Commissioner (DPC) that it's been transferring data to the US unlawfully.

2023 Telesign Trust Index Finds Companies Responsible For Protecting Privacy, Not Consumers

The 2023 Telesign Trust Index found a growing concern among consumers about digital fraud. Why businesses must take a proactive approach to protect their customers.

iOS 16.5—Urgent Update Call As 3 New iPhone Threats Confirmed

iPhone and iPad users are urged to update to iOS 16.5 now as three actively exploited zero-days potentially affecting billions of users have been confirmed by Apple.

Inside The World Of Crypto Exchange Hacks

Read how cybercriminals exploit vulnerabilities in crypto exchanges, the tactics they employ, and preventative measures for safeguarding your digital assets.

Making The Most Of A Penetration Test: The Organizational Perspective

Preparing for a penetration test is not trivial and may be hampered by quite a few misconceptions, but it’s crucial for the security assessment to be successful.
The Hacker News

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
The Hacker News

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
The Register

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs. Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
The Register

Feds, you’ll need a warrant for that cellphone border search

Here's a story with a twist. A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…
Graham Cluley

Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?

ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for "a website that moves you"? All this and...