Attackers exploit APIs faster than ever before
After combing through 350,000 reports to find 650 API-specific vulnerabilities from 337 different vendors and tracking 115 published exploits impacting these vulnerabilities, …
Help Net Security
AI is taking phishing attacks to a whole new level of sophistication
92% of organizations have fallen victim to successful phishing attacks in the last 12 months, while 91% of organizations have admitted to experiencing email data loss, …
Preventing corporate data breaches starts with remembering that leaks have real victims
When it comes to data breaches, organizations are generally informed about the risks and procedures for mitigating them. They can (typically) respond with minimal collateral …
Vulnerability in DJI drones may reveal pilot’s location
Serious security vulnerabilities have been identified in multiple DJI drones. These weaknesses had the potential to allow users to modify crucial drone identification details …
China-aligned APT is exploring new technology stacks for malicious tools
ESET researchers have analyzed MQsTTang, a custom backdoor that they attribute to the China-aligned Mustang Panda APT group. This backdoor is part of an ongoing campaign that …
Law enforcement teams score major win against DoppelPaymer ransomware gang
In a joint effort, the German Regional Police, Ukrainian National Police, Europol, Dutch Police, and FBI joined forces on February 28, 2023, to take down the masterminds …
6 cybersecurity and privacy Firefox add-ons you need to know about
In today’s digital age, cybersecurity and privacy have become major concerns for internet users. With the increase in cyber attacks and data breaches, it is vital to …
XIoT risk and the vulnerability landscape
Recently, Claroty released its State of XIoT Security Report, which shares analyses of publicly disclosed vulnerabilities affecting operational technology (OT), internet of …
Popular fintech apps expose valuable, exploitable secrets
92% of the most popular banking and financial services apps contain easy-to-extract secrets and vulnerabilities that can let attackers steal consumer data and finances, …
Week in review: LastPass breach, GCP data exfiltration, UEFI bootkit
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google Cloud Platform allows data exfiltration without a (forensic) trace …
New infosec products of the week: March 3, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Fastly, Forescout, ManageEngine, and Veeam Software. Forescout XDR enables …
The role of human insight in AI-based cybersecurity
To unleash the power of AI, it’s essential to integrate some human input. The technical term is Reinforcement Learning from Human Feedback (RLHF): a machine-learning technique …