Security News > 2024 > January

The U.S. National Security Agency (NSA) has admitted to buying internet browsing records from data brokers to identify the websites and apps Americans use that would otherwise require a court...

With organizations increasingly relying on third-party vendors, upping the third-party risk management game has become imperative to prevent the fallout of third-party compromises. Why you must do TPRM. Third-party risk management offers numerous advantages for companies.

Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information stealing malware called WhiteSnake Stealer on...

We'll also explore the challenges of balancing intelligence gathering with privacy and legal considerations and look at strategies for prioritizing intelligence inputs in decision-making. What advice would you give to a CISO that wants to integrate cybercrime intelligence into an existing security infrastructure to enhance threat detection and response capabilities?

In the last year, the world's critical infrastructure - the medical, power, communications, waste, manufacturing, and transportation equipment that connects people and machines - has been under near-constant attack, according to Forescout. Persistent attacks on OT. Only 35% of exploited vulnerabilities made an appearance in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities list.

2024 is shaping up to be a record-breaking year for data breaches, according to Experian.With increased data collection, storage, and movement, there are plenty of partners down the supply chain that could be targeted.

The increasing complexity of networks also brings forth heightened security challenges. Robust network security measures are essential to safeguard against cyber threats, ensuring the integrity, confidentiality, and availability of sensitive information.

Five $60,000 bounties - the second-highest monetary awards behind Synacktiv's $100k Tesla hacks - were awarded for attacks on EV chargers manufactured by Emporia, ChargePoint, Ubiquiti, Phoenix and JuiceBox. Three attacks against Automotive Grade Linux were also attempted, with only one succeeding.

Asia In Brief Indian infosec firm CloudSEK last week claimed it found records describing 750 million Indian mobile network subscribers on the dark web, with two crime gangs offering the trove of data for just $3,000. CloudSEK named CYBO CREW affiliates CyboDevil and UNIT8200 as the vendors of a 1.8TB trove, which contains mobile subscribers' names, phone numbers, addresses, and Aadhaar details.

Multiple proof-of-concept exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks. SonarSource researchers discovered two flaws in Jenkins that could enable attacks to access data in vulnerable servers and execute arbitrary CLI commands under certain conditions.