Security News > 2023 > November

A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into...

The US Federal Cyber Security and Infrastructure Security Agency believes that the only way to "Permanently shift the cybersecurity advantage to ICS cyber defenders is through collective action". This is exactly what SANS is offering through its Industrial Control Systems Security resource centre.

The attacks force the creation of weak session keys, which are used when paired Bluetooth devices try to establish a secure communication channel. Weak keys can be easily broken, allowing the eavesdropper to hijack sessions and snoop on victims' conversations, data, and activities carried out over Bluetooth.

The U.S. Treasury Department on Wednesday imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten...

Mosint is an automated email OSINT tool written in Go designed to facilitate quick and efficient investigations of target emails. It integrates multiple services, providing security researchers with rapid access to a broad range of information.

OpenAI is putting more power into the hands of users of GenAI, allowing them to create their custom AI agents without writing code. These custom GPTs are the latest leap forward in the rapidly evolving AI landscape, but this highly tailorable yet easily accessible capability creates a powerful tool for attackers to exploit.

In this Help Net Security interview, Richard Chambers, Senior Internal Audit Advisor at AuditBoard, discusses the transformational role of the internal audit function and risk management in helping organizations bridge the gap in risk exposure. Internal audit has important opportunities in two primary directions: Using AI within internal audit, and providing guidance and assurance to the organizations we serve.

Despite the rising adoption of collaboration and instant messaging software, email remains a significant area of concern regarding cyber attacks, particularly the increasing threat of cybercriminals employing harmful web links in emails, according to Hornetsecurity. Its use increased by nearly 4 percentage points this year, rising from 39.6% to 43.3% of all email attacks.

Aqua Trivy open-source security scanner now finds Kubernetes security risks. Lacework code security helps prevent security issues from getting into the wild by identifying them before code is deployed, and helps prioritize and fix issues faster, wherever they are found in the application lifecycle.

The Select Committee on the Chinese Communist Party, spearheaded by US representative and committee chairman Mike Gallagher, penned a letter to secretaries Gina Raimondo, Lloyd Austin, and Janet Yellen requesting an investigation of Chinese LiDAR manufacturers and the appropriateness of sanctions on those entities. "LiDAR is a critical technology used in autonomous systems and robotics but is currently not subject to US export controls or government procurement restrictions, which raises several concerns," reads the letter.