Category: AI in news
Apart from the visibility it provides into an organization’s sensitive permissions and exposed data, the capability is also aimed at assisting with the organization’s remediation efforts. “BigID’s access governance capability doesn’t just detect overexposed data and overprivileged accounts, it also goes one step further,” Young added.“It can help facilitate access remediation management and actions by natively…
Read MoreOn the Insecurity of Software Bloat Good essay on software bloat and the insecurities it causes. The world ships too much code, most of it by third parties, sometimes unintended, most of it uninspected. Because of this, there is a huge attack surface full of mediocre code. Efforts are ongoing to improve the quality of…
Read More
Feb 15, 2024The Hacker NewsSaaS Security / Risk Management With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS…
Read More
A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that’s capable of harvesting identity documents, facial recognition data, and intercepting SMS. “The GoldPickaxe family is available for both iOS and Android platforms,” Singapore-headquartered Group-IB said in an extensive report…
Read More
The office of South Korean president Yoon Suk Yeol has confirmed that it believes North Korea hacked into the emails of one of its staff members. The hack of an unidentified member of the presidential staff’s personal email account occurred in the run-up to a three-day visit to Europe in November, where Yoon met British…
Read More
Feb 15, 2024NewsroomThreat Intelligence / Vulnerability Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as part of its Patch Tuesday updates. Tracked as CVE-2024-21410 (CVSS score: 9.8), the issue has been described as…
Read More
Holy mackerel! AI is jumping on the religion bandwagon, ransomware gangs target hospitals, and what’s happened to your old mobile phone number? All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by “Ransomware Sommelier” Allan Liska.…
Read More
Striking a balance between sufficient visibility into cloud computing environments and the potential for an overdose of false positives and duplicate alerts is the key challenge facing cloud security professionals, according to the State of Security Remediation report from the Cloud Security Alliance (CSA). The report, released today, detailed a raft of important issues facing…
Read More
Security researchers warn that an ongoing cloud account takeover campaign has impacted dozens of Microsoft Azure environments owned by organizations from around the world. The attackers have compromised hundreds of accounts since late November 2023 including managers and senior executives. “The varied selection of targeted roles indicates a practical strategy by threat actors, aiming to…
Read More
Threat actors have stepped up their efforts over the last year to launch attacks aimed at disabling enterprise defenses, according to the annual Red Report released Tuesday by Picus Security. The findings demonstrate a drastic shift in adversaries’ ability to identify and neutralize advanced enterprise defenses, such as next-generation firewalls, antivirus software, and EDR solutions,…
Read More