Security News

How a GRC consultant passed the CISSP exam in six weeks
2024-05-14 04:55

It's rumored the CISSP exam pass rate is about 20%. I scheduled my exam for the spring of 2024, and I have set aside precisely six weeks to prepare for it. Even if you're an expert on Asset Security, this ensures you're comprehensive and close knowledge gaps because very few individuals are experts in all the domains covered by the CISSP exam.

BLint: Open-source tool to check the security properties of your executables
2024-05-14 04:30

BLint is a Binary Linter designed to evaluate your executables' security properties and capabilities, utilizing LIEF for its operations. From version 2, BLint can also produce Software Bill-of-Materials for compatible binaries.

Tailoring responsible AI: Defining ethical guidelines for industry-specific use
2024-05-14 04:00

In this Help Net Security interview, Chris Peake, CISO & SVP at Smartsheet, explains how responsible AI should be defined by each organization to guide their AI development and usage. Peake emphasizes that implementing responsible AI requires balancing ethical considerations, industry regulations, and proactive risk assessment to ensure that AI is used transparently.

Are you meeting your cyber insurance requirements?
2024-05-14 03:30

Cyber insurance policies are specifically designed to offer financial protection to organizations in the face of cyber attacks, data breaches, or other cybersecurity incidents. While they can provide a sense of security, it's crucial to be aware of their limitations.

Log4Shell shows no sign of fading, spotted in 30% of CVE exploits
2024-05-14 03:00

Organizations continue to run insecure protocols across their wide area networks, making it easier for cybercriminals to move across networks, according to a Cato Networks survey. The Cato CTRL SASE Threat Report Q1 2024 provides insight into the security threats and their identifying network characteristics for all aggregate traffic (regardless of whether it emanates from or is destined for the internet or the WAN) and for all endpoints across sites, remote users, and cloud resources.

PyPI package backdoors Macs using the Sliver pen-testing suite
2024-05-13 21:50

A new package mimicked the popular 'requests' library on the Python Package Index to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks. Discovered by Phylum, the campaign involves several steps and obfuscation layers, including using steganography in a PNG image file to covertly install the Sliver payload on the target.

Apple backports fix for zero-day exploited in attacks to older iPhones
2024-05-13 21:47

Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS zero-day tagged as exploited in attacks. Apple has yet to say who reported the zero-day or whether it was discovered internally, and it has provided no information on the nature of the attacks exploiting it in the wild.

Apple backports fix for RTKit iOS zero-day to older iPhones
2024-05-13 21:47

Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. Today, Apple backported the March security updates to address this security flaw on iOS 16.7.8, iPadOS 16.7.8, and macOS Ventura 13.6.7 with improved input validation.

FCC reveals Royal Tiger, its first tagged robocall threat actor
2024-05-13 20:45

The Federal Communications Commission has named its first officially designated robocall threat actor 'Royal Tiger,' a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns. The Royal Tiger group, allegedly led by Prince Jashvantlal Anand and his associate Kaushal Bhavsar, is operating multiple entities linked to illegal calls in the United States, including VoIP companies Illum Telecommunication Limited, PZ Telecommunication LLC, and One Eye LLC. They routed robocalls in the United States to Texas-based Great Choice Telecom, previously the target of a $225 million forfeiture order and cease-and-desist letters from the FCC and the FTC for placing illegal spoofed robocalls.

INC ransomware source code selling on hacking forums for $300,000
2024-05-13 20:22

A cybercriminal using the name "Salfetka" claims to be selling the source code of INC Ransom, a ransomware-as-a-service operation launched in August 2023. Simultaneously with the alleged sale, the INC Ransom operation is undergoing changes that might suggest a rift between its core team members or plans to move to a new chapter that will involve using a new encryptor.