Security News > 2024 > March

Application programming interfaces (APIs) are the connective tissue behind digital modernization, helping applications and databases exchange data more effectively. The State of API Security in...

Good cyber and physical security can make or break companies. The purpose of this Security Response Policy, written by Scott Matteson for TechRepublic Premium, is to outline the security incident response processes which must be followed.

This quick glossary, created by Mark W. Kaelin for TechRepublic Premium, explains the terminology used by security experts as they attempt to reduce the damage caused by a successful attack. Evidence may include documents, logs, software or hardware.

A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices. Data wipers are a category of malware designed for destructive attacks that delete files and data on targeted devices.

Infosec researchers are noting rising cryptocurrency attacks and have encouraged wallet security providers to up their collective game. Check Point specifically cites the growth of attacks that abuse Ethereum's CREATE2 opcode, dubbing it a "Critical issue in the blockchain community" that's seeing millions of dollars worth of assets being drained from victims' wallets.

Insurance broker and risk advisor Marsh revealed that US cyber insurance premiums rose by an average of 11% in the first quarter of 2023, and Delinea reported that 67% of survey respondents said their cyber insurance costs increased between 50% and 100% in 2023. Reinforcing Active Directory security is one way to protect an organization's critical infrastructure and manage or even potentially reduce the costs of cyber insurance.

Large language models (LLMs) powering artificial intelligence (AI) tools today could be exploited to develop self-augmenting malware capable of bypassing YARA rules. "Generative AI can be used to...

Vulnerability management solutions rely on NVD. In the meantime, enterprise defenders have effectively lost a critical resource, since many vulnerability scanners and other vulnerability managament tools rely on the CPE entires set by the NVD to pinpoint and address security vulnerabilities affecting an ogranization's systems. NVD is not the only vulnerability database out there.

Atos' share price sank as much as 20 percent this morning on confirmation that Airbus is no longer interested in buying the big data and security parts of the crumbling tech empire. Atos said at the time it had received two letters indicating interest in buying BDS, but only the aerospace corp had offered to snaffle the whole unit.

Proof-of-concept exploit code for a critical RCE vulnerability in Fortra FileCatalyst MFT solution has been published.Fortra FileCatalyst is an enterprise managed file transfer software solution that includes several components: FileCatalyst Direct, Workflow, and Central.