Security News

When asked why they use personal devices to do company work, the 334 IT, security and business professionals polled offered a variety of reasons, including three that show that many employees using them to get around their organization's security policies. Employees shouldn't be blamed for flawed security policies.

The report also found that companies implementing observability benefit from increased operational efficiency, faster innovation, and better business outcomes overall. Among the findings, the survey uncovered that observability leaders - those who follow best practices to leverage observability and report experiencing better business and IT outcomes as a result - are three times more likely to say their organization is doing extremely well with growing revenue, more than twice as likely to say the same about operational efficiency, and 2.5 times more likely to say they're excelling with the speed of innovation.

GitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies. The flaw was assigned CVE-2023-4998 and impacts GitLab Community Edition and Enterprise Edition versions 13.12 through 16.2.7 and versions 16.3 through 16.3.4.

Data breaches are a dime a dozen. Although it’s easy to look at that statement negatively, the positive viewpoint is that, as a result, cybersecurity professionals have plenty of learning moments....

As available domain extensions increase in variety, so do security risks. In this Help Net Security video, Prudence Malinki, Head of Industry Relations at Markmonitor, discusses best practices enterprises should abide by when kickstarting their online business and domain strategy.

Google Reveals Combined SIEM and SOAR Update for Chronicle Security Operations Platform Users of the SecOps platform can preview Duet AI's natural language questions and summarization capabilities. Google Cloud announced today that an updated version of its Chronicle Security Operations platform is available in preview.

CISA also plans to create a guide to best practices in open source security for government entities and critical infrastructure organizations, according to the roadmap. CISA notes that open source software can lead to great innovation; however, CISA said, vulnerabilities like the widespread Log4shell vulnerability in 2021 mean open source software can introduce insidious flaws in widely-used code.

PostgreSQL is an open-source object-relational database platform with a track record of over 25 years of ongoing development. PostgreSQL 16 enhances its performance through significant upgrades in query parallelism, bulk data loading, and logical replication.

Google has announced the Auto Update Expiration date will be extended from 5 years to 10 for all Chromebooks, guaranteeing a decade of monthly security updates. Google says that starting in 2024, all Chromebooks released after 2021 will automatically qualify for ten years of security updates, delivered automatically to the device every four weeks.

Zero-Day Security Vulnerability Found in Chrome, Firefox and Other Browsers Updates are now available to patch a Chrome vulnerability that would allow attackers to run malicious code. It's time to update Google Chrome, Mozilla's Firefox or Thunderbird, Microsoft Edge, the Brave browser or Tor Browser; web development news site StackDiary has reported a zero-day vulnerability in all six browsers that could allow threat actors to execute malicious code.