Please turn on your JavaScript for this page to function normally.
cybersecurity week in review
Week in review: Backdoor found in XZ utilities, weaponized iMessages, Exchange servers at risk

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: XZ Utils backdoor update: Which Linux distros are affected and what can you …

Linux alert
Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

UPDATE: April 9, 09:23 AM ET Two stories have been published since this initial release: Which Linux distros are affected and what can you do? XZ Utils backdoor: Detection …

digital identity
How much does cloud-based identity expand your attack surface?

We all know using a cloud-based identity provider (IdP) expands your attack surface, but just how big does that attack surface get? And can we even know for sure? As Michael …

cybercrime
AI abuse and misinformation campaigns threaten financial institutions

Though generative AI offers financial firms remarkable business and cybersecurity utility, cyberthreats relating to GenAI in financial services are a consistent concern, …

strategy
Advanced cybersecurity strategies boost shareholder returns

Companies demonstrating advanced cybersecurity performance generate a shareholder return that is 372% higher than their peers with basic cybersecurity performance, according …

software
Finding software flaws early in the development process provides ROI

Enterprises spend enormous effort fixing software vulnerabilities that make their way into their publicly-facing applications. The Consortium for Information and Software …

Infosec products of the week
New infosec products of the week: March 29, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Bedrock Security, CyberArk, GitGuardian, Legit Security, and Malwarebytes. …

Google
Zero-day exploitation surged in 2023, Google finds

2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, …

NHS Scotland
NHS Scotland confirms ransomware attackers leaked patients’ data

NHS Dumfries and Galloway (part of NHS Scotland) has confirmed that a “recognised ransomware group” was able to “access a significant amount of data …

Microsoft SharePoint
Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code …

compliance
Debunking compliance myths in the digital era

Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 …

AI
Enterprises increasingly block AI transactions over security concerns

Enterprises must secure a transformation driven by generative AI (GenAI) bidirectionally: by securely adopting GenAI tools in the enterprise with zero trust while leveraging …

Don't miss

Cybersecurity news