Security News > 2023 > December

New research has found that over 15,000 Go module repositories on GitHub are vulnerable to an attack called repojacking. "More than 9,000 repositories are vulnerable to repojacking due to GitHub...

A previously undocumented threat actor has been linked to a cyber attack targeting an aerospace organization in the U.S. as part of what's suspected to be a cyber espionage mission. The BlackBerry...

Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within...

The government of the United Kingdom has issued a strongly worded denial of a report that the Sellafield nuclear complex has been compromised by malware for years. The report, appearing in The Guardian, claimed that the controversial complex was hacked by "Cyber groups closely linked to Russia and China," with the infection detected in 2015 but perhaps present before that year.

SessionProbe is a multi-threaded pentesting tool designed to evaluate user privileges in web applications. It takes a user's session token and checks for a list of URLs if access is possible, highlighting potential authorization issues.

Automated API security testing predominantly uses tools from two application security methodologies: static application security testing and dynamic application security testing. API security testing is increasingly being integrated into the API security offering, translating into much more efficient processes, such as automatically associating appropriate APIs with suitable test cases.

In this Help Net Security interview, Carl Froggett, CIO at Deep Instinct, discusses emerging trends in ransomware attacks, emphasizing the need for businesses to use advanced AI technologies, such as deep learning, for prevention rather than just detection and response. What are the emerging trends in ransomware attacks, and how should businesses prepare for them using AI technologies?

2024 is a presidential election year in the US. 2016 and 2020 both saw impressive increases in attempts to influence voters through crafty propaganda and social media campaigns run by bots and expert social engineers, along with attempts to influence the vote through abuse of related technologies. In this Help Net Security video, Ryan Maltzen, Cybersecurity Architect at Fortra, discusses how, in past elections, this was more largely a manual process than we should expect with the rise of generative AI and other tools that seem well-positioned to have impacts in this space.

2024 will be a revolutionary year for the data security landscape as Data Security Posture Management technology rapidly evolves to keep pace with the colossal amount of data being created, stored and shared within organizations and across business sectors, according to Metomic. By implementing security solutions that enable security professionals to see exactly where data is stored and shared, as well as who has access to it, organizations will be better equipped to detect, connect, and protect sensitive data across their entire cloud estate, from one unified platform.

Enterprises' increasing digital reliance has fueled an array of cybersecurity threats. One rapidly growing area is information-stealing malware known as infostealers, which is malicious software designed to steal data.