Security News

The exposed secrets include hundreds of Stripe, GitHub/GitLab tokens, RSA private keys, OpenAI keys, AWS tokens, Twitch secret keys, cryptocurrency exchange keys, X tokens, and Slack and Discord webhooks. This approach shows how and where API secret keys and tokens are exposed in real-world settings, not only in code repositories.

There is a misconception that only software and technology companies leverage crowdsourced security. Companies across various sectors are increasingly adopting crowdsourced security, as reported by Bugcrowd.

The European Commission adopted the implementing regulation concerning the EU cybersecurity certification scheme on Common Criteria. ENISA is grateful for the guidance and support from Member States via the European Cybersecurity Certification Group and for the contributions of the Stakeholder Cybersecurity Certification Group.

Today, the FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams. This public service announcement follows a surge of reports regarding criminals using couriers to collect cash or precious metals like gold or silver from victims whom the scammers instructed to sell their valuables.

Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email environment to exfiltrate mailbox data. "The...

In this Help Net Security interview, Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, outlines the crucial tasks for CISOs in protecting supply chains and achieving comprehensive visibility. Auditing a hardware supply chain is exponentially more difficult, as vendors may or may not choose to disclose what their underlying operating systems are, what open source software they use, where they source the hardware components of their devices, what firmware runs both the device itself and its subcomponents - for example a router may run a Linux distribution, with an open source routing daemon, a motherboard from Supermicro, with high-speed NICs from Mellanox, a baseboard management controller from ASPEED with BMC code from AMI which itself is another version of Linux with its own SBOM. With the apparent disconnect between security and development teams in software supply chain security, what strategies do you recommend to enhance collaboration?

Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute1, “only 59% of organizations say their cybersecurity strategy has changed...

HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers. On December 22, the firm disclosed that it suffered a data breach between July 14 and 23, 2023, which resulted in unauthorized access to some of its systems.

Public safety professionals want technology upgrades and adoption of federal standards for first responder IT security, reporting and efficiency, according to Mark43. "We heard a resounding response from first responders across the country: They are concerned about their public safety agency's ability to withstand cyberattacks and natural disasters, given the ever-increasing number and severity of bad actors attacking public infrastructure as well as the uptick in extreme weather incidents," said Matthew Polega, President, Mark43.

While tech workers want to learn and organizations are spending thousands of dollars per employee on learning technology, it is not translating into improved on-the-job performance for 4 out of 10 IT employees, according to Skillable. Inadequate training puts workers at risk of being left behind in the race for tech talent, which is in short supply.