Application Security News and Articles
North Korea-linked hacking group BlueNoroff/Lazarus was seen using the RustBucket macOS malware in recent attacks.
The post North Korean Hackers Target Mac Users With New ‘RustBucket’ Malware appeared first on SecurityWeek.
Organizations rely heavily on third-party vendors and contractors. Smart companies will have a service level agreement (SLA) with each vendor which includes information about the vendor’s approach to cybersecurity—in fact, it’s a best ...
Threat actors have been observed abusing Kubernetes RBAC to create backdoors and hijack cluster resources for cryptocurrency mining.
The post Attackers Abuse Kubernetes RBAC to Deploy Persistent Backdoor appeared first on SecurityWeek.
As generative AI platforms like OpenAI’s ChatGPT and Google Bard continue to dominate the headlines—and pundits debate whether the technology has taken off too quickly without necessary guardrails—cybercriminals are showing equal interest ...
Let’s keep this super-simple: the devil is in the details in any disclosure policy. If you go to the OpenAI ChatGPT FAQ, there are a few things that should raise the eyebrows of any security engineer. To that purpose, at the end of this blog, ...
Code leaks can pose significant threats to the security and well-being of businesses, potentially resulting in a range of negative outcomes including financial, reputational, and legal consequences. To prevent such risks and their potential ...
Critical vulnerability found in Inea RTU can be exploited to remotely hack devices and cause disruption in industrial organizations.
The post Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks appeared first on ...
Articles related to cyber risk quantification, cyber risk management, and cyber resilience.
The post Oversight of Cyber Risk: The Board’s Essential Role in Mitigation and Prevention appeared first on Security Boulevard.
VMware has fixed two vulnerabilities (CVE-2023-20864, CVE-2023-20865) in VMware Aria Operations for Logs (formerly vRealize Log Insight), a widely used cloud solution for log analysis and management. About the vulnerabilities (CVE-2023-20864, ...
A global survey of more than 1,600 IT and security leaders conducted by Wakefield Research on behalf of Rubrik finds nearly three-quarters (72%) of organizations have complied with a ransomware demand despite nearly all of them (99%) having ...
Overview: On 8 March 2023, PaperCut released new versions for their enterprise print management software, which included patches for two vulnerabilities: CVE-2023-27350 and CVE-2023-27351. The PaperCut security advisory details CVE-2023-27350 as a ...
SolarWinds has patched two high-severity vulnerabilities that could lead to command execution and privilege escalation.
The post SolarWinds Platform Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
In the beginning of March, ReversingLabs researchers encountered a malicious package on the Python Package Index (PyPI) named termcolour, a three-stage downloader published in multiple versions. Finding this malicious payload wasn’t difficult, ...
The topic of how to best secure software supply chains is in the spotlight at this year’s RSA Conference. Many organizations will be sharing their expertise and solutions on how to best defend against the variety of threats that software ...
Learning how to spot the signs of narcissism and identify narcissists will help us ensure that we do not bring these people into our security and fraud teams, or our enterprises.
The post External Signs of Narcissism – Raising Awareness to ...
Retail stores often have visible security measures in place, such as security cameras and personnel monitoring. However, online stores have a security gap as they are vulnerable to cyberattacks, data breaches, and fraud. This security gap poses a ...
More than 3,000 participants from 38 countries took part in NATO’s 2023 Locked Shields cyber defense exercise.
The post 38 Countries Take Part in NATO’s 2023 Locked Shields Cyber Exercise appeared first on SecurityWeek.
Cybersecurity leaders must detect and respond to successful attacks in ways that minimize overall damage to the organization itself. This often leads to delayed reporting that causes more damage than the attack itself.
The post Cyberattack ...
PCI-DSS 4.0 brings new standards to the payment card industry, for which microsegmentation is uniquely suited. Microsegmentation is quickly becoming one of the most effective methods to protect sensitive data within the environment. As the Payment ...
Resecurity is excited to announce its participation at RSA Conference 2023, the cybersecurity event that brings together industry leaders and professionals to share knowledge and insights on the latest trends, threats, and solutions. The event ...