vulnerability
Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205
Attackers are actively exploiting an “old” vulnerability (CVE-2021-22205) to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The …
Proven third-party risk management strategies
As cyber threats continue to plague enterprises and the third-party partners and suppliers they work with, organizations that have prioritized the development of a robust …
Mapping ATT&CK techniques to CVEs should make risk assessment easier
Vulnerability reporters should start using MITRE ATT&CK technique references to describe what the attacker is trying to achieve by exploiting a given CVE-numbered …
Trojan Source bugs may lead to extensive supply-chain attacks on source code
Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, …
Financial services need to prioritize API security to protect their customers
Noname Security and Alissa Knight, Partner at Knight Ink and recovering hacker, announced a research which unveils a number of vulnerabilities in the banking, cryptocurrency …
API attacks are both underdetected and underreported
Akamai released a research into the evolving threat landscape for application programming interfaces (APIs), which according to Gartner will be the most frequent online attack …
Organizations making security trade-offs in the push to innovate
The vast majority of organizations are increasing their investment in application security this year, but they continue to struggle to fully embrace secure innovation. A …
Increased risk tolerances are making digital transformation programs vulnerable
Digital transformation programs could be vulnerable to cyber attacks due to increased risk tolerances and ongoing cybersecurity challenges, according to a global research of …
Siloed security data hamper the ability to achieve collective defense
Cyware revealed a research detailing the challenges affecting modern security operations teams and the negative business impact of siloed security operations. According to the …
Organizations losing business due to connected product security concerns
59% of executives with cybersecurity decision-making responsibility at large and mid-sized companies say that their organizations have lost business due to product security …
Storage systems vulnerabilities: Act now to avoid disasters
Continuity issued a research report which provided an analysis of the vulnerabilities and misconfigurations of enterprise storage systems. The findings revealed that storage …
Worldwide supply chains vulnerable as businesses lack visibility into suppliers
BlueVoyant released the findings of its second annual global survey into third-party cyber risk management. The study reveals that 97% of firms surveyed have been negatively …
Featured news
Resources
Don't miss
- Popular code formatting sites are exposing credentials and other secrets
- Fake “Windows Update” screens fuels new wave of ClickFix attacks
- Microsoft cracks down on malicious meeting invites
- How an AI meltdown could reset enterprise expectations
- The breaches everyone gets hit by (and how to stop them)