Author: nlqip
Over 100,000 Oregon Zoo visitors warned that their payment card details were stolen in security breach
- by nlqip
Cybercriminals have succeeded in stealing the payment card information from over 110,000 animal lovers over several months after meddling with Oregon Zoo’s online ticket payment system. Sensitive information belonging to 117,815 people including their names, payment card numbers, CVV codes, and card expiry dates were stolen after being entered onto the Oregon Zoo’s website by…
Read MoreWhat is Continuous Attack Surface Penetration Testing or CASPT? Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization’s digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an evolving attack surface…
Read MoreThe security benefits of multifactor authentication (MFA) are well-known, yet MFA continues to be poorly, sporadically, and inconsistently implemented, vexing business security managers and their users. Often, MFA users have an extra workflow burden with the additional factors, one of many obstacles to their continued success. And the frequent news stories that describe innovative ways…
Read MoreAug 22, 2024Ravie LakshmananEnterprise Software / Vulnerability GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score…
Read MoreThe exponential growth of non-human identities (NHI) — service accounts, system accounts, IAM roles, API keys, tokens, secrets, and other forms of credentials not associated with human users — has created a surge in their inclusion in security incidents and data breaches. Here are three key areas to focus on when you’re building out your…
Read MoreAug 22, 2024Ravie LakshmananWebsite Security / Vulnerability Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges. “The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could…
Read MoreAug 22, 2024Ravie LakshmananBrowser Security / Vulnerability Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. “Type…
Read MoreAug 22, 2024Ravie LakshmananDatabase Security / Cryptocurrency Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that’s designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances. “Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords,” Aqua security researcher Assaf Morag said…
Read More“In the M&A game, rumors are currency. We accept that, and my general response is to ignore them. But what I’ve seen over the past few weeks from a company called Action1 goes far beyond anything I’ve ever experienced in my career, and I feel compelled to set the record straight,” Talpaz wrote in a…
Read MoreASD’s ACSC, CISA, FBI, and NSA, with the support of International Partners Release Best Practices for Event Logging and Threat Detection | CISA
- by nlqip
Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), CISA, FBI, NSA, and international partners are releasing Best Practices for Event Logging and Threat Detection. This guide will assist organizations in defining a baseline for event logging to mitigate malicious cyber threats. The increased prevalence of malicious actors employing living off the land…
Read MoreRecent Posts
- QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3
- QNAP NAS and Lexmark printers hacked on Pwn2Own Day 3
- Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations
- The Hidden Crisis: How Stress is Forcing 1 in 4 Chief Information Security Officers to Quit | BlackFog
- UnitedHealth says data of 100 million stolen in Change Healthcare breach