Enhancing open source security: Insights from the OpenSSF on addressing key challenges
In this Help Net Security interview, we meet a prominent industry leader. Brian Behlendorf, CTO at the Open Source Security Foundation (OpenSSF), shares insights on the …
Organizations’ cyber resilience efforts fail to keep up with evolving threats
A steady increase in cyberattacks and evolving threat landscape are resulting in more organizations turning their attention to building long-term cyber resilience; however, …
Identity crimes: Too many victims, limited resources
The Identity Theft Resource Center (ITRC) has documented incidents of identity theft reported during 2022 and the first quarter of 2023, highlighting the use of strategies by …
KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)
A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the …
TP-Link routers implanted with malicious firmware in state-sponsored attacks
A Chinese state-sponsored APT group implanted malicious firmware into TP-Link routers as part of attack campaigns aimed at European foreign affairs entities, say Check Point …
Scammers exploit AI trend with fake ChatGPT apps on Google Play, Apple App Store
Sophos researchers uncovered multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users. These apps have popped up in the Google Play and Apple App …
Inactive Google accounts will be deleted
A week after Twitter announced it will be removing idle accounts after 30 days of inaction, Google has updated its account inactivity policy. Updates to the Google account …
Infamous cybercrime marketplace offers pre-order service for stolen credentials
Infostealer malware, which consist of code that infects devices without the user’s knowledge and steals data, remains widely available to buy through underground forums and …
The CIS Benchmarks Community consensus process
The Center for Internet Security (CIS) recently celebrated 20 years of bringing confidence to the connected world with consensus-based security guidance. The first CIS …
Fraudsters send fake invoice, follow up with fake exec confirmation
Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones …
Attack automation becomes a prevalent threat against APIs
The second half of 2022 marked a significant turning point in the security landscape. In several high-profile incidents, application programming interfaces (APIs) emerged as a …
Lacroix manufacturing facilities shut down following cyberattack
French electronics manufacturer Lacroix closed three factories as a result of a cyberattack they “intercepted” over the weekend, the company has announced on …
Featured news
Resources
Don't miss
- Google strengthens secure enterprise access from BYOD Android devices
- Southwest Airlines CISO on tackling cyber risks in the aviation industry
- Insider risk management needs a human strategy
- Cerbos: Open-source, scalable authorization solution
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days