Please turn on your JavaScript for this page to function normally.
vmware
VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)

VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to …

Alexander Hagenah
Embracing offensive cybersecurity tactics for defense against dynamic threats

In this Help Net Security, Alexander Hagenah, Head of Cyber Controls at SIX, discusses the critical steps in creating effective offensive security operations and their impact …

4 warning signs that your low-code development needs DevSecOps

Low code platforms have democratized development in the enterprise. They improve efficiency and enable companies to do more with less. But as you begin to do more you will …

Linux
Looney Tunables bug exploited for cryptojacking

Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables (CVE-2023-4911) vulnerability to covertly install cryptomining software into …

cybersecurity staff shortages
Cybersecurity workforce shortages: 67% report people deficits

The global cybersecurity workforce has reached 5.5 million people, an 8.7% increase from 2022, representing 440,000 new jobs, according to ISC2. While this is the highest …

Java
The hidden costs of Java, and the impact of pricing changes

An overwhelming 98% of all the businesses surveyed use Java in their software applications or infrastructure, and 57% of those organizations indicate that Java is the backbone …

data analytics
High-business-impact outages are incredibly expensive

In this Help Net Security video, Peter Pezaris, Chief Strategy and Design Officer at New Relic, discusses observability adoption and how full-stack observability leads to …

software
What AppSec and developers working in cloud-native environments need to know

All enterprise organizations are, in essence, software publishers, regardless of their industry. This is because every enterprise relies on custom software applications for …

cloud
Access control in cloud-native applications in multi-location environments (NIST SP 800-207)

NIST released Special Publication (SP) 800-207A – “A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location …

eyes
Lack of visibility into cloud access policies leaves enterprises flying blind

Fragmented access policies are top security concern in multi-cloud environments, with more than 75% of enterprises reporting they do not know where applications are deployed …

Kennedy Torkura
Maintaining consistent security in diverse cloud infrastructures

As cloud infrastructures become increasingly API-driven and dynamically spread across expansive attack surfaces, achieving clarity proves difficult. Compounding this challenge …

AWS
Attackers can turn AWS SSM agents into remote access trojans

Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual …

Don't miss

Cybersecurity news