Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Ut
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to vie
oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise
Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions
The scourge of software supply chain attacks—an increasingly common hacking technique that hides malicious code in a widely used legitimate program—can take many forms. Hackers can penetrate an update
Cybersecurity Roundup: January 30, 2024 18 hours ago This week: the notorious NSA Furby memo (“NSA FURBIE ALERT”) is finally made public; Google and Apple rolling out privacy-threatening AI into messa
Yesterday I provided testimony to Congress about the CTI League and addressed the allegations that it is somehow part of a government censorship apparatus. Part of that testimony is in our statement l
WASHINGTON, Dec 6 (Reuters) - Unidentified governments are surveilling smartphone users via their apps' push notifications, a U.S. senator warned on Wednesday. In a letter to the Department of Justice
8 min read · 2 days ago How can you know how many security jobs there are if there’s no real statistical data available? https://imgflip.com/i/87fumc Millions of information security jobs As I wrote i
GPTs & Assistants API - Code Interpreter Data Exfiltration evren's blog GPTs and Assistants API: Data Exfiltration and Backdoor Risks in Code Interpreter OpenAI DevDay, in San Francisco. “You can buil
Security and data analytics company Sumo Logic disclosed a security breach after discovering that its AWS (Amazon Web Services) account was compromised last week. The company detected evidence of the
Atlassian reassessed the severity rating of the recent improper authorization vulnerability in Confluence Data Center and Server, raising the CVSS score from 9.1 to a maximum of 10. The company overha
Microsoft has made fresh commitments to harden the security of its software and cloud services after a year in which numerous members of the global infosec community criticized the company's tech defe
The great thing about the security industry is it’s made up of a variety of roles and people from many backgrounds, disciplines, skill sets and lived experiences. Let’s take a look at some of these -
FTC Expands Financial Data Breach Reporting Requirements https://www.databreachtoday.com/
Written by Gary DeMercurio of Caliber Security Partners, reposted from LinkedIn Out of 1,000 employees, statistically, 162 of them will allow an attacker into your company. About a week ago, someone s
I am an old git. I am 54. Yes, I do look much younger, thanks for noticing. If you are an old git like me, then you never had social media as a youngling. Your social network was as far as you could r
1Password, a password manager used by millions of people and more than 100,000 businesses, said it detected suspicious activity on a company account provided by Okta, the identity and authen
Welcome to The Cybersecurity 202! My cat Julius “Jules” Jonas Jonah Jameson has been extra-angelic of late. He’s always superb, but he’s just on another level of awesomeness recently.
Below: The Supreme Court temporarily blocks a social media order, and a…
Data Breaches UK’s financial watchdog FCA imposes an £11 million (approximately $13.5 million) fine on Equifax over the 2017 data breach. October 16, 2023 The British watchdog Financial Conduct Authori
Japan Joins Cybersecurity Framework to Encourage Secure by Design Software, Shift Accountability Burden to Manufacturers - The Japan News
Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer supp
Published in Starting Up Security · 7 min read · Oct 9 The Exploit Prediction Scoring system (EPSS) is great. You might like it, too, if you deal with large amounts of vulnerabilities. The Hand-Wavy E
Discord continues to be a breeding ground for malicious activity by hackers and now APT groups, with it commonly used to distribute malware, exfiltrate data, and targeted by threat actors to steal aut
Google has been caught hosting a malicious ad so convincing that there’s a decent chance it has managed to trick some of the more security-savvy users who encountered it.
Your weekly dose of Seriously Risky Business news is written by Tom Uren and edited by Patrick Gray . It's supported by the Cyber Initiative at the Hewlett Foundation and this week's edition is brough
In 2021, I performed a security audit of The Squid Caching Proxy. Squid is by far the most well known open-source forwarding HTTP proxy, and is used in many contexts, like corporations that want to f
PROGRAM DESCRIPTION The Microsoft AI bounty program invites security researchers from across the globe to discover vulnerabilities in the new, innovative, AI-powered Bing experience. Qualified submiss
So I did it again. Proving I’m the most incompetent Security Hero EVER, I committed eight different access keys to a public GitHub repository for eight different AWS Accounts. What is fascinating is
In association with the release of curl 8.4.0, we publish a security advisory and all the details for CVE-2023-38545. This problem is the worst security problem found in curl in a long time. We set
Hundreds of GitHub repositories have been targeted by a threat actor masked as the GitHub platform’s Dependabot feature to install password-stealing malware. The threat actor ta
The 10 Biggest Cyber Security Trends In 2024 Everyone Must Be Ready For Now By the end of the coming year, the cost of cyber attacks on the global economy is predicted to top $10.5
It’s finally here, we have just released the source code for our open-source project Chalk™. You can find the source code on Github here https://github.com/crashappsec/chalk You can find binary releas
How I choose a security research topic | PortSwigger Research James Kettle Director of Research @albinowax
Microsoft said the corporate account of one of its engineers was hacked by a highly skilled threat actor that acquired a signing key used to hack dozens of Azure and Exchange accounts bel
UPDATE: Microsoft performed a comprehensive technical investigation into the acquisition of the Microsoft account consumer signing key, including how it was used to access enterprise email. Our techni
A series of unfortunate and cascading mistakes allowed a China-backed hacking group to steal one of the keys to Microsoft’s email kingdom that granted near unfettered access to U.S. government inboxes