Security News

CFPB’s Proposed Data Rules
2024-01-31 12:04

In October, the Consumer Financial Protection Bureau proposed a set of rules that, if implemented, would transform how financial institutions handle personal data about their customers. The rules put control of that data back in the hands of ordinary Americans, while at the same time undermining the data broker economy and increasing customer choice and competition.

The SEC Won't Let CISOs Be: Understanding New SaaS Cybersecurity Rules
2024-01-31 11:02

The SEC isn’t giving SaaS a free pass. Applicable public companies, known as “registrants,” are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in...

Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware
2024-01-31 11:00

A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks...

Gift Yourself a Year of Online Protection for Only $50 Through 2/4
2024-01-31 10:45

TL;DR: Your most sensitive data can be removed from the internet with just a few clicks with a 1-year subscription to Incogni Personal Information Removal, and it's available to new users for only $50 through 2/4 11:59 p.m. Pacific. Incogni can help you avoid the lengthy, tedious process of having your data erased from the internet, and a one-year subscription is available to new users for just $49.97 through February 4.

Free ransomware recovery tool White Phoenix now has a web version
2024-01-31 08:06

White Phoenix is a free ransomware recovery tool for situations where files are encrypted with intermittent encryption. Intermittent encryption occurs when ransomware chooses not to encrypt every part of each file but instead encrypts sections, frequently in blocks of a set size or just the start of the targeted files.

Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware
2024-01-31 07:23

A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used...

Does CVSS 4.0 solve the exploitability problem?
2024-01-31 06:00

The newest version of the vulnerability scoring system, CVSS 4.0, is here! After a lengthy gap since version 3, version 4.0 is officially live as of November 2023. Version 3.0, and CVSS in general, while quite good at measuring the "Impact" of a vulnerability, weren't very good at scoring its "Exploitability".

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros
2024-01-31 05:44

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246, the...

Proactive cybersecurity: A strategic approach to cost efficiency and crisis management
2024-01-31 05:30

We examine the benefits of adopting a proactive cybersecurity approach, particularly in terms of cost efficiency and crisis management, and explore the impact of offensive security testing on compliance and zero-day response. A zero trust approach to cybersecurity has become the go-to model for many organizations because it embraces a framework that layers nicely across every possible threat vector.

How to make developers accept DevSecOps
2024-01-31 05:00

Making developers accept the importance of security in their software development process comes with numerous challenges. Finally, there are the people-related challenges: developers may have difficulties with the imminent changes that DevSecOps brings to the development process, and may lack the security skills required to carry out certain security practices in DevSecOps.