Security News

One-third of dev professionals unfamiliar with secure coding practices
2024-07-19 04:00

Survey findings outlined in the report show nearly one-third of all professionals directly involved in development and deployment - system operations, software developers, committers, and maintainers - self-report feeling unfamiliar with secure software development practices. "Our research found that a key challenge is the lack of education in secure software development. Practitioners are unsure where to start and instead are learning as they go. It is clear that an industry-wide effort to bring secure development education to the forefront must be a priority," added Wheeler.

CISOs must shift from tactical defense to strategic leadership
2024-07-19 03:30

Fully 95% of IT and security professionals believe security threats will be more dangerous due to AI - yet, despite that elevated risk, nearly one in three security and IT professionals have no documented strategy in place to address generative AI risks. When leaders don't understand vulnerability management, they may not realize how changing leadership priorities can impact the security of their organization.

Revolver Rabbit gang registers 500,000 domains for malware campaigns
2024-07-18 21:30

A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems. One difference between traditional domain generation algorithms (DGAs) and registered DGAs (RDGAs) is that DGAs are embedded in the malware strains and only some of the generated domains are registered, whereas RDGAs remain with the threat actor, and all domains are registered.

Judge mostly drags SEC's lawsuit against SolarWinds into the recycling bin
2024-07-18 21:06

A judge has mostly thrown out a lawsuit brought by America's financial watchdog that accused SolarWinds and its chief infosec officer of misleading investors about its computer security practices and the backdooring of its Orion product. In a Thursday ruling, US federal district Judge Paul Engelmayer dismissed all of the so-called "Post-SUNBURST" claims the SEC levied against SolarWinds.

Kaspersky challenges US government to put up or shut up about Kremlin ties
2024-07-18 16:29

Stick an independent probe in our software, you won't find any Putin.DLL backdoor. Kaspersky has hit back after the US government banned its products – by proposing an independent verification that...

SolarWinds fixes 8 critical bugs in access rights audit software
2024-07-18 15:51

SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager software, six of which allowed attackers to gain remote code execution on vulnerable devices. Access Rights Manager is a critical tool in enterprise environments that helps admins manage and audit access rights across their organization's IT infrastructure to minimize threat impact.

Criminal Gang Physically Assaulting People for Their Cryptocurrency
2024-07-18 15:33

A group of men was behind a violent crime spree designed to compel victims to hand over access to their cryptocurrency savings. That announcement and the criminal complaint laying out charges against St. Felix focused largely on a single theft of cryptocurrency from an elderly North Carolina couple, whose home St. Felix and one of his accomplices broke into before physically assaulting the two victims - both in their seventies - and forcing them to transfer more than $150,000 in Bitcoin and Ether to the thieves' crypto wallets.

Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)
2024-07-18 14:51

A recently fixed vulnerability affecting Splunk Enterprise on Windows "is more severe than it initially appeared," according to SonicWall's threat researchers. Splunk Enterprise is a data analytics and monitoring platform that allows organizations to collect and analyze machine-generated data from a variety of sources, such as network and security devices, servers, etc.

Microsoft fixes bug blocking Windows 11 Photos from starting
2024-07-18 14:38

Microsoft has fixed a known issue preventing the Microsoft Photos app from starting on some Windows 11 22H2 and 23H2 systems. Last week, Redmond fixed two more Windows 11 issues causing update problems when using Windows Update automation scripts and triggering reboot loops and taskbar problems after installing the June KB5039302 preview update.

Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs
2024-07-18 13:40

Prolific Russian cybercrime syndicate FIN7 is using various pseudonyms to sell its custom security solution-disabling malware to different ransomware gangs. AvNeutralizer malware was previously thought to be solely linked to the Black Basta group, but fresh research has uncovered various underground forum listings of the malicious software now believed to be created by FIN7 operatives.