How much does cloud-based identity expand your attack surface?
2024-03-29 06:00

We all know using a cloud-based identity provider expands your attack surface, but just how big does that attack surface get? And can we even know for sure? The first step towards mitigating the expanded attack surface in the cloud is recognizing the risks and potential vulnerabilities of cloud identity providers.

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers
2024-03-29 05:37

The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign....

AI abuse and misinformation campaigns threaten financial institutions
2024-03-29 05:30

Though generative AI offers financial firms remarkable business and cybersecurity utility, cyberthreats relating to GenAI in financial services are a consistent concern, according to FS-ISAC. Cybercriminals exploit AI for data exfiltration, and threat actors can use generative AI to write malware; more skilled cybercriminals could exfiltrate information from, or inject contaminated data into, the large language models that train GenAI. The use of corrupted GenAI outputs can expose financial institutions to severe legal, reputational, or operational consequences.

Advanced cybersecurity strategies boost shareholder returns
2024-03-29 05:00

Companies demonstrating advanced cybersecurity performance generate a shareholder return that is 372% higher than their peers with basic cybersecurity performance, according to a new report from Diligent and Bitsight. The report also reveals that highly regulated industries, such as healthcare and financial services, have the highest cybersecurity ratings, and companies with either a specialized risk committee or audit committee achieve better cybersecurity performance compared to those with neither, with ratings of 710 and 650 respectively.

Finding software flaws early in the development process provides ROI
2024-03-29 04:30

The Consortium for Information and Software Quality estimates that the cost of poor software quality in the United States reached $2.41 trillion in 2022. It is also completely avoidable, and as the world grows ever more dependent on software, avoiding such flaws becomes essential.

Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords
2024-03-28 21:03

A vulnerability in the wall command of the util-linux package that is part of the Linux operating system could allow an unprivileged attacker to steal passwords or change the victim's clipboard. WallEscape impacts the 'wall' command, which is typically used on Linux systems to broadcast messages to the terminals of all users logged in to the same system, such as a server.

Retail chain Hot Topic hit by new credential stuffing attacks
2024-03-28 19:04

American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data. The Hot Topic fast-fashion chain has over 10,000 employees in more than 630 store locations across the U.S. and Canada, the company's headquarters, and two distribution centers.

PyPI suspends new user registration to block malware campaign
2024-03-28 18:03

The Python Package Index has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. PyPI is an index for Python projects that helps developers find and install Python packages.

JetBrains keeps mum on 26 'security problems' fixed after Rapid7 spat
2024-03-28 17:26

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries
2024-03-28 17:02

A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also...