Security News
Recent data reveals that compromised credentials are the single biggest attack vector in 2024. To help you navigate this critical issue, we invite you to join our exclusive webinar, "Compromised Credentials in 2024: What to Know About the World's #1 Attack Vector."
A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. "Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users," according to a description shared on the U.S. National Vulnerability Database.
The U.S. Department of Justice said it seized two internet domains and searched nearly 1,000 social media accounts that Russian threat actors allegedly used to covertly spread pro-Kremlin disinformation in the country and abroad on a large scale. "The social media bot farm used elements of AI to create fictitious social media profiles - often purporting to belong to individuals in the United States - which the operators then used to promote messages in support of Russian government objectives," the DoJ said.
An effective third-party risk management framework ensures that an organization is not derailed by vendor risks and vulnerabilities. Right after you categorize your third-party vendors based on their importance to your organization, next you must define the scope of your third-party risk management services and framework by identification of the type of third parties involved and the risk factors posed by them.
In this Help Net Security, Ashley Harrington, Director of Cybersecurity at Aspida, discusses the impact of cyberattack on business operations and financial health. Beyond immediate disruptions and financial burdens, cyber incident can severely damage a company's reputation among customers and partners.
Legal, compliance and privacy leaders list strengthening their personal impact on company strategy as their top priority for 2024, according to Gartner. Improving third party risk management, and ensuring compliance programs can keep pace with fast-moving regulatory requirements are the top three priorities for this year.
After around two decades of allowing one-time passwords delivered by text message to assist log ins to bank accounts in Singapore, the city-state will abandon the authentication technique. The Monetary Authority of Singapore and The Association of Banks in Singapore announced on Tuesday that "Major retail banks in Singapore will progressively phase out the use of One-Time Passwords for bank account login by customers who are digital token users within the next three months."
Meet DodgeBox, son of StealthVector Chinese government-backed cyber espionage gang APT41 has very likely added a loader dubbed DodgeBox and a backdoor named MoonWalk to its malware toolbox,...
Ultra-conservative org funnily enough not ready to turn the other cheek After claiming to break into a database belonging to The Heritage Foundation, and then leaking 2GB of files belonging to the...
The American Radio Relay League (ARRL) finally confirmed that some of its employees' data was stolen in a May ransomware attack initially described as a "serious incident." [...]