Why cyber maturity assessment should become standard practice
2024-03-05 06:00

Understanding risk is one thing, but how do you know if your organization has what it takes to withstand those risks being realized? Establishing cyber maturity can help determine resilience, where the strengths and weaknesses lie, and what needs to happen to improve those security processes. In the face of escalating risks leading to more claims, cyber insurance providers are now pushing for cyber maturity assessments to determine their risk exposure when quoting for policies, for example.

3 free data protection regulation courses you can take right now
2024-03-05 05:30

Data protection is relevant to everyone, whether you are handling personal data or your data is being processed. It delves into the main data protection applications and explores the rights afforded under these regulations.

Secure your hybrid workforce: The advantages of encrypted storage
2024-03-05 05:00

In this Help Net Security video, Ryan Amparo, Field Application Engineer at Kingston Technology, discusses the benefits of encrypted external SSDs and USBs for hybrid workforces. He talks about the differences between software and hardware encryption, why it's important, and why usage and cost matter.

What organizations need to know about the Digital Operational Resilience Act (DORA)
2024-03-05 04:30

Lovejoy discusses the alignment between DORA and NIS2 directives, the timeline for DORA's implementation, and the imperative steps organizations must take to ensure compliance by the 2025 deadline. How will DORA impact organizations across the EU, particularly regarding ICT risk management and cybersecurity?

Organizations are knowingly releasing vulnerable applications
2024-03-05 04:00

92% of companies had experienced a breach in the prior year due to vulnerabilities of applications developed in-house, according to Checkmarx. In recent years the responsibility for application security has shifted away from dedicated security teams and is now shared between AppSec managers and developers.

Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers
2024-03-05 03:34

A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws,...

Cloudflare wants to put a firewall in front of your LLM
2024-03-05 01:32

Doing so helps to prevent distributed denial of service attacks against the model, or other situations that would overwhelm the LLM with requests and disrupt its ability to process legitimate requests. The firewall can be deployed in front of any LLM, Molteni told The Register.

American Express admits card data exposed and blames third party
2024-03-04 23:04

A security failure at a third-party vendor exposed an untold number of American Express card numbers, expiry dates, and other data to persons unknown. "We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system," Amex chief privacy officer Anneke Covell wrote in a letter [PDF] to customers at the end of last month, alerting them to the snafu.

Exploit available for new critical TeamCity auth bypass bug, patch now
2024-03-04 22:42

A critical vulnerability in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. "Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack" - Rapid7.

ScreenConnect flaws exploited to drop new ToddlerShark malware
2024-03-04 22:14

The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. The threat actors are exploiting authentication bypass and remote code execution flaws disclosed on February 20, 2024, when ConnectWise urged ScreenConnect customers to immediately upgrade their servers to version 23.9.8 or later.