
Sites using session replay scripts leak sensitive user data
When we enter sensitive information – our names, passwords, payment card information, medical information, what have you – into websites, we do it with the …

GitHub starts alerting developers of security vulnerabilities in dependencies
Popular Git repository hosting service GitHub has introduced a new feature to help developers keep their projects safer: security alerts for vulnerabilities in software …

Criminals leverage unsecured IoT devices, DDoS attacks surge
Organizations experienced an average of 237 DDoS attack attempts per month during Q3 2017 – equivalent to 8 DDoS attack attempts every day – as hackers strive to take their …

German government bans children’s smartwatches, tells parents to destroy them
The Federal Network Agency (Bundesnetzagentur), Germany’s regulatory agency for public utility companies, has categorized children’s smartwatches as spying …

Sad state of enterprise cloud infrastructure governance
A new survey of more than 300 IT professionals, conducted by Propeller Insights in October 2017, revealed that the state of enterprise cloud infrastructure governance is …

Week in review: Risk assessment, fileless attacks, and the most hackable holiday gifts
Here’s an overview of some of last week’s most interesting news and articles: Review: EU GDPR Documentation Toolkit The General Data Protection Regulation (GDPR) …

Poor security habits are the ideal recipe for a breach
A Preempt survey of more than 200 employees (management level or above) from enterprise companies of 1000 or more people, found that businesses are left exposed by employees …

New infosec products of the week: November 17, 2017
Yoti launches digital identity app The free app is available for Apple and Android phones and takes less than five minutes to set up. People take a selfie and scan a passport …

A third of US businesses do not feel prepared for GDPR deadline
New research by Censuswide captures the preparedness levels of organizations in Europe and the United States for the May 2018 GDPR compliance deadline, as well as their …

Critical flaw in Cisco collaboration products plugged
A critical vulnerability in a dozen Cisco collaboration products based on the Cisco Voice Operating System (VOS) could allow unauthenticated, remote attackers to gain access …

Half of organizations do not audit SSH entitlements
Cybercriminals, such as malicious insiders, use SSH keys to access systems from remote locations, evade security tools and escalate privileges, according to a study conducted …

High-Tech Bridge unveils free application discovery and inventory service
High-Tech Bridge announce the public launch of ImmuniWeb Discovery. The free service is a part of the ImmuniWeb Application Security Testing (AST) Platform. ImmuniWeb …