Security News

Even with the best-of-the-best tools and tech stack monitoring vulnerabilities, every security executive and GRC leader should still have some layer of paranoia. In this Help Net Security video, Shrav Mehta, CEO at Secureframe, talks about security best practices for GRC teams, highlights areas that security learners should pay close attention to, and discusses how security leaders can automate specific processes.

Commerce is the most attacked vertical with 44% of API attacks, followed by business services at nearly 32%. APIs are vital to most organizations because they improve both employee and customer experiences. Cybercriminals have leveraged this digital innovation and the rapid expansion of the API economy to create new opportunities for exploitation.

As the GCC cybersecurity industry continues to grow-F&S estimates it will triple in value by 2030 to reach $13.4 billion-countries in the region continue to reduce their dependence on oil exports and opt for digital tools and technologies instead. Middle East braces for escalating cyber threats. In the UAE and Saudi Arabia, specifically, technology adoption has increased across the finance, healthcare, and manufacturing sectors, further boosting the need for cybersecurity and robust regulatory frameworks.

An Australian IT contractor has been sentenced to 30 months jail for ripping off the National Maritime Museum. The nonprofit museum celebrates Australia's maritime heritage - a matter of some import for the island nation, which therefore attracts government funding.

Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development. The researchers started looking on the public web for personally identifiable information exposed via vulnerable Firebase instances.

NVIDIA's newest GPU platform is the Blackwell, which companies including AWS, Microsoft and Google plan to adopt for generative AI and other modern computing tasks, NVIDIA CEO Jensen Huang announced during the keynote at the NVIDIA GTC conference on March 18 in San Jose, California. Along with the Blackwell GPUs, the company announced the NVIDIA GB200 Grace Blackwell Superchip, which links two NVIDIA B200 Tensor Core GPUs to the NVIDIA Grace CPU - providing a new, combined platform for LLM inference.

"Drinking water and wastewater systems are a lifeline for communities, but many systems have not adopted important cybersecurity practices to thwart potential cyberattacks," said EPA Administrator Michael S. Regan. The National Security Council and the Environmental Protection Agency have invited governors to a virtual meeting on March 21 to strengthen collaboration between government entities and water systems and establish a Water Sector Cybersecurity Task Force.

The Cyber Crime Center of the U.S. Department of Defense says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its inception in November 2016. The federal agency launched its Vulnerability Disclosure Program 7.5 years ago following a bug bounty event called 'Hack-the-Pentagon,' to engage crowd-sourced vulnerability reports that could help bolster its cyber defenses.

Chinese cyberspies have compromised at least 70 organizations, mostly government entities, and targeted more than 116 victims across the globe, according to security researchers. "One of the threat actor's favorite tactics involves using its malicious access to government infrastructure to attack other government entities, abusing the infrastructure to host malicious payloads, proxy attack traffic, and send spear-phishing emails to government-related targets using compromised government email accounts," Joseph Chen and Daniel Lunghi said in research published on Monday.

CISA, the NSA, the FBI, and several other agencies in the U.S. and worldwide warned critical infrastructure leaders to protect their systems against the Chinese Volt Typhoon hacking group. Together with the NSA, the FBI, other U.S. government agencies, and partner Five Eyes cybersecurity agencies, including cybersecurity agencies from Australia, Canada, the United Kingdom, and New Zealand, it also issued defense tips on detecting and defending against Volt Typhoon attacks.