SC Magazine
AI-generated code top cloud security concern amid 100% use rate in survey
GenAI, API and identity risks are key concerns, as well as conflicts between DevOps and SecOps.
HACKRead
DNS Tunneling Used for Stealthy Scans and Email Tracking
DNS tunneling is being used to bypass security filters by hiding malicious traffic in DNS packets, allowing hackers to steal stolen data.
Infosecurity News
Hackers Use DNS Tunneling to Scan and Track
Palo Alto Networks warns threat actors are using DNS tunneling techniques to probe for network vulnerabilities
Cyber Security News
Hackers Exploiting MS-SQL Severs To Deploy Mallox Ransomware
Information such as financial records, customer information, and intellectual property that may be sold on the black web markets is what
The Hacker News
The Fundamentals of Cloud Security Stress Testing
The cloud promises agility, but opens a Pandora's box of cyber risks if not secured properly. Understand your responsibility under the shared responsi
Bleeping Computer
How to Mitigate the Impact of Third-Party Breaches
Third-party data breaches are increasingly becoming a problem as the enterprise moves applications and storage to the cloud. Learn more from Outpost24 on how to reduce the risk from third-party data breaches.
SecurityWeek
RSA Conference 2024 – Announcements Summary (Day 1)
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
The Cyber Express
80% of All Security Exposures Come from Active Directory Accounts
Data sourced from over 40 million exposures that pose high-impact risks to numerous critical business entities revealed that Active Directory
Security Magazine
Misconfigurations drive 80% of security exposures
An analysis of more than 40 million exposures provides a view the current exposure landscape, revealing 80% are driven by misconfigurations.
Infosecurity News
70% of Businesses Prioritize Innovation Over Security in Generative AI
An IBM report found that most organizations are exposing themselves to security risks when implementing generative AI tools
HACKRead
Critical Cybersecurity Loopholes Found in Paris 2024 Olympics Infrastructure
The Paris 2024 Olympics, expected to attract over 1 billion viewers, are a prime target for cyber criminality due to rising online traffic.
DarkReading
Paris Olympics Cybersecurity at Risk via Attack Surface Gaps
Though Olympics officials appear to have better secured their digital footprint than other major sporting events have, significant risks remain for the Paris Games.
SecurityWeek
Horizon3.ai Introduces AI-Assisted Service to Prioritize and Patch Vulnerabilities Faster
Horizon3.ai's AISaaS-based, AI-assisted penetration service allows proactive defensive action against exploitation of new vulnerabilities.
Cyber Security News
Top 8 SSPM Tools to Secure Your SaaS Stack in 2024
The explosion of cloud-based applications, or SaaS (Software-as-a-Service), has transformed the way businesses operate.
Cyber Security News
A Costly Mistake: How an Empty S3 Bucket Led to a Massive AWS Bill
an AWS customer faced a staggering $1,300 bill for S3 usage, despite creating a single, empty bucket for testing purposes.
The Hacker News
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM
Red Teaming or Exposure Management? Find out how combining these powerful approaches can fortify your cybersecurity defenses.
The Hacker News
Severe Flaws Disclosed in Brocade SANnav SAN Management Software
Multiple critical vulnerabilities discovered in Brocade SANnav SAN management application, impacting all versions up to 2.3.0.
CSO
Salt Security adds defense against OAuth attacks
The new offering is designed to mitigate vulnerabilities and misconfigurations associated with the open authentication (OAuth) authorization framework.
Infosecurity News
Dependency Confusion Vulnerability Found in Apache Project
This occurs when a private package fetches a similar public one, leading to exploit due to misconfigurations in package managers
The Cyber Express
Empowering Rapid Attack Path Analysis with Generative AI
By Nathan Wenzler, Chief Security Strategist, Tenable India is ranked third globally among nations facing the most severe cyber threats,
SecurityWeek
SAP Applications Increasingly in Attacker Crosshairs, Report Shows
Malicious hackers are targeting SAP applications at an alarming pace, according to warnings from Onapsis and Flashpoint.
The Hacker News
GenAI: A New Headache for SaaS Security Teams
GenAI isn't just hype—it's a toolbox revolutionizing how we develop software, manage emails, and create content.
The Hacker News
Identity in the Shadows: Shedding Light on Cybersecurity's Unseen Threats
Ever heard of shadow admins? A single slip in settings can create 109 of them, risking your entire network's security! Learn how to prevent this.
CSO
Open-source scanner can identify risky Microsoft SCCM configurations
Researcher that helped compile the knowledge base of common misconfigurations in SCCM releases scanner MisconfigurationManager.ps1.
.webp)
Cyber Security News
Zscaler Acquires Airgap Networks to Enhance Zero Trust SASE
This acquisition is set to redefine the way enterprises protect their internal traffic, particularly in IT and OT environments.
Infosecurity News
Data Breach Exposes 300k Taxi Passengers’ Information
These records belonged to Dublin-based iCabbi, a dispatch and fleet management technology provider
The Hacker News
Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses
Discover the secret tunnels hackers use to infiltrate your security defenses! Learn about Shadow Admins, Service Accounts, and more in our webinar.
CyberNews
Google Cloud gets GenAI creating cybersecurity powerhouse
Google is integrating generative AI into the Google Cloud to assist users across its various products and platforms – including its new Gemini-driven security platform.
Bleeping Computer
Implementing container security best practices using Wazuh
Maintaining visibility into container hosts, ensuring best practices, and conducting vulnerability assessments are necessary to ensure effective security. In this article Wazuh explores how its software can help implement best security practices for containerized environments.
Cyber Security News
JsOutProx Malware Abusing GitLab To Attack Financial Institutions
GitLab is a prominent web-based Git repository manager that is exploited by hackers to gain unauthorized access to confidential source code,
SC Magazine
Home Depot confirms data breach via third-party vendor
Security pros say threat actors could use the leaked data to run phishing attacks that would steal Home Depot corporate credentials and launch ransomware attacks.
DarkReading
Critical Bugs Put Hugging Face AI Platform in a 'Pickle'
One issue would have allowed cross-tenant attacks, and another enabled access to a shared registry for container images; exploitation via an insecure Pickle file showcases emerging risks for AI-as-a-service more broadly.
The Hacker News
AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks
New research reveals critical security risks for AI-as-a-service providers like Hugging Face. Attackers could gain access to hijack models, escalate
The Hacker News
Considerations for Operational Technology Cybersecurity
Operational Technology (OT) Cybersecurity: A Balancing Act! OT systems' unique traits demand tailored security measures. Learn why safeguarding OT req
SC Magazine
How cloud migration impacts modern network security
Cloud computing improves scalability and may cut costs, but network-security practitioners may have difficulty adjusting. Here are some challenges and solutions of cloud-based network security.
Trend Micro
Why a Cloud Security Platform Approach is Critical
Explore how a cybersecurity platform with attack surface management and runtime protection capabilities can enhance your cloud security posture.
The Hacker News
Harnessing the Power of CTEM for Cloud Security
Tired of chasing endless vulnerabilities? Enter Continuous Threat Exposure Management (CTEM). Prioritize critical exposures, streamline remediation, a
DarkReading
Cloud Email Filtering Bypass Attack Works 80% of the Time
A majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them.
SecurityWeek
Binarly Attracts $10.5M to Tackle Software Supply Chain Security
Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage venture capital funding led by Two Bear Capital.
%20(1)%20(1).webp)
Cyber Security News
Linux Admins Beware! Fake PuTTY Client That Rhadamanthys Stealer
Firstly, it is used for remote access to servers and systems at large hence a great ground for infiltration.
SC Magazine
Flaw in Ray AI framework potentially leaks sensitive data of workloads
Threat actor targets AI workloads, believed to be first exploited in the wild.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up : Cyber Attacks, Vulnerabilities, Threats & New Cyber Stories
cybersecurity news will keep you posted on the latest developments, exposures, advances, occurrences, threats, and narratives in this field.
SC Magazine
AWS fixes 1-click account takeover flaw exposing cloud services to XSS risk
Several AWS, Azure and Google Cloud domains were found to lack a key guardrail against XSS.
SC Magazine
AWS fixes 1-click Apache Airflow session hijack flaw
Several AWS, Azure and Google Cloud domains were found to lack a key guardrail against XSS.
Cyber Security News
900+ Websites Exposing 100M+ Accounts Including Plaintext Passwords
A new research has revealed that more than 900 websites had a serious misconfiguration which exposed a massive of 125 million user records
SecurityWeek
Misconfigured Firebase Instances Expose 125 Million User Records
Hundreds of websites misconfigured Google Firebase, leaking more than 125 million user records, including plaintext passwords, security researchers warn. It all started with the hacking of Chattr, the AI hiring system that serves multiple organizations in the US, including fast food chains such as Applebee’s, Chick-fil-A, KFC, Subway, Taco Bell, and Wendy’s, three security researchers […]
SC Magazine
Google Firebase may have exposed 125M records from misconfigurations
Researchers say they reported their findings to Chattr.ai on Jan. 10, then followed up with a full scan of the internet.
CSO
New knowledge base compiles Microsoft Configuration Manager attack techniques
Researchers from SpecterOps have put together a comprehensive resource that catalogs SCCM attacks and provides defensive strategies and hardening guidance.
DarkReading
NHS Breach, HSE Bug Expose Healthcare Data in the British Isles
Whoopsies in Ireland and Scotland speak to a tenuousness of cyber protections for sensitive private healthcare data.
Infosecurity News
HSE Error Exposed Over a Million Irish Citizens’ Vaccine Status
An AppOmni researcher detailed a misconfiguration in the HSE COVID Vaccination Portal, exposing the health and personal data of over a million Irish citizens
DarkReading
150K+ UAE Network Devices & Apps Exposed Online
Misconfigurations, insecure services leave UAE organizations and critical infrastructure vulnerable to bevy of cyber threats.
Infosecurity News
Cloud Account Attacks Surged 16-Fold in 2023
Red Canary said cloud account compromise detections rose 16-fold in 2023, becoming the fourth most prevalent technique used by threat actors
CyberNews
Massive data leak in Irish Health Service Executive uncovered
The Health Service Executive (HSE) in Ireland accidentally exposed the private information of an estimated one million citizens in December 2021, a researcher has shared.
CSO
Google’s Security Command Center Enterprise fills gaps across cloud security lifecycle
Google Cloud's SCC Enterprise aims to streamline response to threats and misconfigurations across IaaS platforms, including AWS and Azure.
Infosecurity News
New Cloud Attack Targets Crypto CDN Meson Ahead of Launch
Sysdig said the rise of the Meson Network in blockchain signals a new frontier for attackers
The Hacker News
CTEM 101 - Go Beyond Vulnerability Management with Continuous Threat Exposure Management
Curious about CTEM? It’s not just a buzzword—it’s a proactive strategy to identify, prioritize, and mitigate cyber risks.
Infosecurity News
NSA Launches Top 10 Cloud Security Mitigation Strategies
The advisory is associated with ten companion cybersecurity information sheets detailing how to implement each strategy
Cyber Security News
NSA Releases Top 10 Cloud Security Mitigation Strategies - 2024
NSA and CISA released "Top Ten Cloud Security Mitigation Strategies" to advise cloud users on critical security practices for migrating data.
Cyber Security News
Cyber Security News Weekly Round-Up : Vulnerabilities, Cyber Attacks, Threats & New Cyber Stories
Stay updated with the most recent advancements in the cybersecurity industry with our weekly recap of cybersecurity news.
CyberNews
Large online dictionary leaks nearly 7M records
Online dictionary Glosbe leaks user data.
HACKRead
New Linux Malware Alert: 'Spinning YARN' Hits Docker, other Key Apps
Cado Security Labs has discovered an emerging Linux malware campaign dubbed Spinning Yarn targeting misconfigured servers.
Cyber Security News
Best AWS Network Access Security Solutions - 2024
Best AWS Network Access Security : 1. Perimeter 81 2. Amazon Web Services (AWS) Security 3. Palo Alto Networks 4. Fortinet 5. CheckPoint.
The Hacker News
Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks
A tool intended for security, SSH-Snake, now aids attackers in exploiting networks. Discover the depths of its reach and how to safeguard your infrast
DarkReading
'Lucifer' Botnet Turns Up the Heat on Apache Hadoop Servers
More than 3,000 unique attacks hitting Hadoop and Druid honeypots in just the past month indicate an attacker testing phase.
CSO
Hackers using stolen credentials to launch attacks as info-stealing peaks
Abusing valid accounts became the most common entry point into victim environments in 2023.
The Hacker News
VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk
VMware has identified a critical security flaw in its Enhanced Authentication Plugin (EAP), urging users to uninstall it.
DarkReading
Misconfigured Custom Salesforce Apps Expose Corporate Data
Enterprises typically use the Java-like programming language to customize their Salesforce instances, but attackers are hunting for vulnerabilities in the apps.
The Cyber Express
NCSC Issues Guidance to Secure PBX Systems from Cyberattacks
The National Cyber Security Centre (NCSC) in the UK has issued a comprehensive blog aimed at educating individuals and organizations
The Hacker News
SaaS Compliance through the NIST Cybersecurity Framework
Strengthen your SaaS security like a pro! Discover how aligning with NIST standards can fortify your applications against cyber threats.
SecurityWeek
In Other News: US Hacks Iranian Spy Ship, Rhysida Ransomware Decryption, NIST Guidance
US hacks Iranian military vessel used for spying, Rhysida ransomware free decryption tool, NIST guidance on HIPPA and supply chain security.
The Hacker News
How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities
2023's cyber attacks put SaaS vulnerabilities in the spotlight. Find out why SaaS is the new supply chain and how to safeguard your organization.
Bleeping Computer
5 Steps to Improve Your Security Posture in Microsoft Teams
Microsoft Teams is susceptible to a growing number of cybersecurity threats as its massive user base is an attractive target for cybercriminals. Learn more from Adaptive Shield on how to increase your Microsoft Teams security posture.
The Hacker News
Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know
Password spraying, OAuth hijacking, and nation-state attacks – the cybersecurity world is under siege. Learn how to protect your organization.
The Hacker News
Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?
Discover how Silverfort's Unified Identity Protection Platform revolutionizes Incident Response by swiftly detecting compromised accounts and bolsteri
The Cyber Express
Cybersecurity Resolutions: Strengthening Digital Defences in 2024
By Ashish Tandon, Founder & CEO, Indusface In the ever-evolving landscape of digital threats and cyberattacks, the year 2024 demands
Cyber Security News
10 Best Network as a Service (NaaS) for MSSP Providers - 2024
Network as a Service for MSSP : 1. Perimeter 81 2. Cloudflare 3. Prisma Cloud 4. Megaport 5. Akamai 6. Aryaka 7. Converged Cloud.
HACKRead
US Credit Union Service Leaks Millions of Records and Passwords in Plain Text
The cloud database belonging to Credit Union Service was left exposed without any security authentication or passwords, allowing public access.
DarkReading
Q&A: Tel Aviv Railway Project Bakes in Cyber Defenses
How a light railway in Israel is fortifying its cybersecurity architecture amid an increase in OT network threats.
CyberNews
Two million affected as learning app suffers data leak
A misconfigured database on the LectureNotes Learning App, a platform for sharing class notes, has exposed more than two million user records.
The Hacker News
How a $10B Enterprise Customer Drastically Increased their SaaS Security Posture with 201% ROI by Using SSPM
Protecting your data in the cloud is crucial. Learn how a $10B media firm achieved a 201% ROI with SaaS Security Posture Management.
HACKRead
Ethical Hackers Reported 835 Vulnerabilities, Earned $450K in 2023
According to the report, in 2023, 835 vulnerability reports were submitted by 93 ethical hackers, with 96 cases reported in the HackerOne repository.
The Hacker News
Top Security Posture Vulnerabilities Revealed
Cybersecurity is a continuous battle. Discover the top 6 vulnerabilities organizations should address
Bleeping Computer
Role of Wazuh in building a robust cybersecurity architecture
Leveraging open source solutions and tools to build a cybersecurity architecture offers organizations several benefits. Learn more from Wazuh about the benefits of open source solutions.
SecurityWeek
Orca Flags Dangerous Google Kubernetes Engine Misconfiguration
Attackers could take over a Kubernetes cluster if access privileges are granted to all authenticated users in Google Kubernetes Engine.
The Hacker News
Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters
Cybersecurity researchers have discovered a critical loophole in Google Kubernetes Engine (GKE) that could potentially be exploited by threat actors
HACKRead
Global Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data
Hailing from Wilmington, Delaware BuyGoods.com boasts a user base of 3 million consumers spanning across 17 countries.
Cyber Security News
What is Infrastructure as Code Security (IaC) - Best Practices Guide in 2024
Infrastructure as Code (IaC) is a DevOps practice used for managing & provisioning IT infrastructure through code instead of Manual Process.
Trend Micro
Endpoint Gartner Magic Quadrant 18-Time Leader in 2024
Explore why Trend Micro is recognized—for the 18th time—as a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms.
DarkReading
Missing the Cybersecurity Mark With the Essential Eight
Australia's Essential Eight Maturity Model still doesn't address key factors needed to protect today's cloud and SaaS environments.
SecurityWeek
US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities
CISA, FBI and EPA document aims to help water and wastewater organizations improve their cyber resilience and incident response.
The Hacker News
TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks
Vulnerabilities found in TensorFlow CI/CD pipeline allow malware upload and token theft.
CyberNews
Erasmus leaves exchange students at risk
Erasmus Student Network leaked sensitive data.
SecurityWeek
Customer Information of Toyota Insurance Company Exposed Due to Misconfigurations
Exposed credentials for an email address at an Indian Toyota insurance broker led to customer information compromise.
Security Affairs
Attackers target Apache Hadoop and Flink to deliver cryptominers
Researchers devised a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners.
The Hacker News
Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks
New cyberattack targets Apache Hadoop & Flink using misconfigurations to deploy crypto miners
Infosecurity News
Mandiant’s X Account Was Hacked in Brute-Force Password Attack
Mandiant has shared its findings following X account hijacking, firm blames misconfigured 2FA and X's policy change
DarkReading
Attacker Targets Hadoop YARN, Flint Servers in Stealthy Campaign
The adversary is exploiting two known misconfigurations in the big data technologies to drop a Monero cryptominer.
SecurityWeek
LoanDepot Takes Systems Offline Following Ransomware Attack
Mortgage lending firm LoanDepot has disclosed a cyberattack resulting in data encryption and system disruptions.
CyberNews
Saudi Ministry exposed sensitive data for 15 months
Saudi Arabia’s Ministry of Industry and Mineral Resources (MIM) data exposed.
The Hacker News
Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface
Explore how Zero Trust Security can minimize your attack surface and safeguard against sophisticated attacks.
Loading more articles....