Check out why memory vulnerabilities are widespread in open source projects. Plus, get the latest on the ransomware attack that’s disrupted car sales in North America. In addition, find out why a majority of organizations grew their cyber budgets this year. And learn how confidential data from U.S. chemical facilities may have been accessed by…
Read More
The modern kill chain is eluding enterprises because they aren’t protecting the infrastructure of modern business: SaaS. SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven’t revised their security programs or adopted security tooling built for SaaS. Security teams keep jamming…
Read More
Jun 28, 2024NewsroomMalware / Cryptocurrency Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. “The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware code to run solely in memory and avoid…
Read MoreJames Bamford on Section 702 Extension Longtime NSA-watcher James Bamford has a long article on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA). Tags: FISA, national security policy, NSA, privacy, surveillance Posted on June 28, 2024 at 7:04 AM • 0 Comments Sidebar photo of Bruce Schneier by Joe MacInnis. Source…
Read More
Jun 28, 2024NewsroomNetwork Security / Data Protection A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user’s web activity. “SnailLoad exploits a bottleneck present on all Internet connections,” the researchers said in a study released this…
Read More
CompTIA Cloud+ Unlike most others on this list, the CompTIA Cloud+ certification provides more general training on the cloud. Still, cloud security features prominently in its curriculum: Candidates will learn vulnerability management, compliance adherence, and security controls. Because CompTIA Cloud+ also provides instruction in cloud architecture, deployment, operations, troubleshooting, and DevOps fundamentals, it may…
Read More
Jun 28, 2024NewsroomIndustrial Security / Critical Infrastructure Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and reside in versions 4.1.5 and prior. According to…
Read More
Jun 28, 2024NewsroomData Breach / Enterprise Security TeamViewer on Thursday disclosed it detected an “irregularity” in its internal corporate IT environment on June 26, 2024. “We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures,” the company said in a…
Read More
ESET Research, Threat Reports A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts 27 Jun 2024 • , 2 min. read These past six months painted a dynamic landscape of Android Financial threats – malware going after victims’ mobile banking…
Read More
‘We believe now is the right time to take a compelling inorganic step,’ Nokia CEO and President Pekka Lundmark said in a statement. Less than a year after a massive layoff round, Nokia looks to remake its telecommunications business with a pair of deals unveiled Thursday, including a $2 billion deal to buy Infinera and…
Read More