Security News

Continuous Security: PTaaS Bridges the Gap within Application Security
2023-09-05 14:02

Traditional web application pen testing has limitations and often leaves organizations with gaps in their security. Rapidly Changing Technologies: With the continuous evolution of technologies, pen testers must constantly update their skills and knowledge to stay ahead of the curve and effectively identify potential security issues.

Northern Ireland's top cop quits after security breach, disciplinary controversy
2023-09-05 11:45

Northern Ireland's police chief, Simon Byrne, resigned last night after an emergency meeting of the Policing Board amid discontent in the rank and file over a data breach that exposed serving officers' info, as well as news he was considering appealing a court ruling linked to the Troubles.

Attackers accessed UK military data through high-security fencing firm's Windows 7 rig
2023-09-04 15:25

The risk of running obsolete code and hardware was highlighted after attackers exfiltrated data from a UK supplier of high-security fencing for military bases. The initial entry point? A Windows 7 PC. While the supplier, Wolverhampton-based Zaun, said it believed that no classified information was downloaded, reports indicated that attackers were able to obtain data that could be used to gain access to some of the UK's most sensitive military and research sites.

Everything You Wanted to Know About AI Security but Were Afraid to Ask
2023-09-04 11:29

Unlike General AI, Narrow AI is a specialized form of AI that is tuned for very specific tasks. In cybersecurity, Narrow AI can analyze activity data and logs, searching for anomalies or signs of an attack.

Apple offers security researchers specialized iPhones to tinker with
2023-08-31 09:50

Apple is inviting security researchers to apply for the Apple Security Research Device Program again, to discover vulnerabilities and earn bug bounties. In the intervening years, participating researchers have identified 130 security-critical vulnerabilities and have indirectly helped Apple implement security improvements in the XNU kernel, kernel extensions, and XPC services around the system.

What does optimal software security analysis look like?
2023-08-31 04:00

In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security. He explains how these tools can complement human knowledge to enhance software security analysis and emphasizes the need for the security industry to prioritize the symbiotic relationship between humans and machines.

Paramount discloses data breach following security incident
2023-08-30 23:08

American entertainment giant Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personally identifiable information. Paramount said in breach notification letters signed by Nickelodeon Animation Studio EVP Brian Keane sent to affected individuals that the attackers had access to its systems between May and June 2023.

Apple opens 2024 applications to get ‘security research’ iPhones
2023-08-30 20:38

Apple announced today that iOS security researchers can now apply for a Security Research Device by the end of October. The company added that iPhones provided through the Security Research Device Program should only be used by authorized people and never leave the premises of the security research facility.

Hackers Can Exploit Windows Container Isolation Framework to Bypass Endpoint Security
2023-08-30 17:04

New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework. Microsoft's container architecture uses what's called a dynamically generated image to separate the file system of each container from the host and at the same time avoid duplication of system files.

A closer look at the RFI on open-source software security
2023-08-30 04:00

The U.S. Office of the National Cyber Director released a request for information entitled Open-Source Software Security: Areas of Long-Term Focus and Prioritization, which indicates that the U.S. Government's effort to invest in open-source software and security continues to pick up steam. In this Help Net Security video, Luis Villa, General Counsel at Tidelift, discusses how the RFI is a clear call to open source experts and industry leaders that the best ideas for how the government can make the entire open source ecosystem more healthy and secure are top of mind.