Security News

AI Spera is pleased to announce its attainment of the highest global compliance certification level, PCI DSS Level 1 for Criminal IP, its in-house developed and serviced Cyber Threat Intelligence search engine. The Payment Card Industry Data Security Standard is a global information security standard designed to safeguard card payment information and transactions.

Security training has always been a real challenge for tech companies. Without frequent refresher training and a culture that develops and supports a security conscious workforce, the risk to the business is great.

The U.S. Cybersecurity & Infrastructure Security Agency has announced it is offering free security scans for critical infrastructure facilities, such as water utilities, to help protect these crucial units from hacker attacks. "(CISA) can help your drinking water and wastewater system identify and address vulnerabilities with a no-cost vulnerability scanning service subscription.

Each SaaS application presents unique security challenges, and the landscape constantly evolves as vendors enhance their security features. Before embarking on a SaaS security journey, it's imperative to understand your organization's specific landscape and security needs.

Furthering the challenges for CISOs is a continual misalignment between security and identity teams. Visibility into the identity attack surface continues to be insufficient, leaving organizations exposed to bad actors who can access their environments, move laterally inside their networks, and wreak havoc in minutes.

The rise of API use has also led to an increase in the number of API breaches. For these reasons, it's essential to implement robust security measures to protect your APIs, and the data traversing them, to prevent breaches from occurring.

Every online interaction hinges on the bedrock of network security. In this Help Net Security video, Shawn Edwards, CSO at Zayo Group, discusses how businesses can ensure a secure network to protect themselves and their consumers.

While APIs are essential to many operations and used extensively, a lack of prioritization and understanding is leading us towards a growing API security crisis, according to a report by Traceable AI and Ponemon Institute. Plus, 57% of respondents feel traditional security solutions, including web application firewalls, can't effectively distinguish genuine from fraudulent API activity.

Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files. GitHub's security researcher Jaroslav Lobačevski reported the vulnerabilities in Notepad++ version 8.5.2 to the developers over the last couple of months.

North Korean threat actors are once again attempting to compromise security researchers' machines by employing a zero-day exploit. The warning comes from Google's own security researchers Clement Lecigne and Maddie Stone, who detailed the latest campaign mounted by government-backed attackers.