Security News

The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. A few days later, the Bitwarden team announced they would add another layer of safety, allowing iframe auto-fills only on trusted sites and subdomains from the origin domain.

IAM tools help organizations secure and manage user identities and access to resources, ensuring only authorized individuals gain access. Keycloak adheres to standard protocols such as OpenID Connect, OAuth 2.0 and SAML and provides fine-grained authorization services that support different access control mechanisms like attribute-based access control, role-based access control, user-based access control, rule-based access control and context-based access control.

Update February 23, 07:02 EST: Sophos published a report today saying that the ransomware payloads they spotted were built using the LockBit ransomware builder leaked online by a disgruntled malware developer in late September 2022. "On February 22, 2024, Sophos X-Ops reported through our social media handle that despite the recent law enforcement activity against the LockBit threat actor group we had observed several attacks over the preceding 24 hours that appeared to be carried out with LockBit ransomware, built using a leaked malware builder tool," Sophos explained.

Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. Today, Sophos X-Ops revealed that threat actors have been deploying LockBit ransomware on victims' systems after gaining access using exploits targeting these two ScreenConnect vulnerabilities.

There are decent free password managers out there that can help you secure your passwords without shelling out a monthly fee. In this article, we give you a rundown of the best free password managers available today.

Simon Willison has been playing with the video processing capabilities of the new Gemini Pro 1.5 model from Google, and it's really impressive. Which means a lot of scary new video prompt injection attacks.

The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes. [...]

Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging platform against future attacks arising from the...

While every organization's specific security needs form a unique and complex blend of interconnected requirements, numerous security fundamentals almost always apply to each of these groups. It stands to reason that cybersecurity pros who effectively identify network and systems risks and who standardize methods of mitigating those vulnerabilities are likely to experience less stress and volatility.

Tens of thousands of U.S. customers from Verizon, T-Mobile, and AT&T are complaining Thursday morning about the lack of wireless service or interruptions to service. "The San Francisco Fire Department published a"cell phone service outage" announcement saying that "AT&T wireless customers can't make or receive any phone calls, although the 911 center is operational.