Content Paint
Search
Sign in

cybersecurity

 |  cybersecurity  | Jan 15, 2024
OpenAI, TikTok, X hunt insider threat specialists -- on widely diverging salary bands
insider threat risks

"In every insider threat case, there is a combination of network activity and employee behaviour. The malicious activity crosses both physical and electronic modalities..."

 |  AWS  | Jan 05, 2024
AWS rattles customers with unclear warning over mystery "recent CVE"
AWS rattles customers with unclear warning over mystery "recent CVE"

Warns users it will terminate affected tasks, but leaves a lacuna... (Fear not, we're here with details)

Kaspersky  | Jan 04, 2024
Kaspersky burns 11,000-line “NSA” exploit: Calls 14-step iPhone attack “definitely the most sophisticated attack chain we have ever seen”
Kaspersky burns 11,000-line “NSA” exploit: Calls 14-step iPhone attack “definitely the most sophisticated attack chain we have ever seen”

Apex Predators aside and in other news, a major telco just got hacked because it didn't have MFA set up on a critical account...

 |  MongoDB  | Dec 18, 2023
MongoDB hacked: Hints at authentication system compromise
mongodb hacked

Attackers had access to certain corporate systems “for some period of time before discovery”

 |  firmware  | Dec 07, 2023
Millions exposed to LogoFAIL firmware flaws: Should CISOs be worried? Well, yes, honestly.
Millions exposed to LogoFAIL firmware flaws: Should CISOs be worried? Well, yes, honestly.

You're probably exposed to rootkit risk, because vendors wanted their logos to show during boot processes -- everything's broken, howl into the abyss, why's this security advisory on a domain like https://9443417.fs1.hubspotusercontent-na1.net anyway?

 |  CISA  | Nov 30, 2023
CISA's going to name and shame vendors on insecure software
CISA's going to name and shame vendors on insecure software

"When we see a vulnerability or intrusion campaign that could have been reasonably avoided if the software manufacturer had aligned to secure by design principles, we’ll call it out"

cybersecurity  | Nov 28, 2023
ownCloud users could get badly owned as exploitation starts of CVSS 10 bug, with 11,000 instances exposed
owncloud vulnerability CVE-2023-49103

ownCloud claims 200,000 installations, 600 enterprise customers, and 200 million users with customers including the European Commission.

cybersecurity  | Nov 17, 2023
New report sheds light on “Scattered Spider”’s ability to take over identity providers
New report sheds light on “Scattered Spider”’s ability to take over identity providers

The group "register their own MFA tokens [and] add a federated identity provider to the victim’s SSO tenant and activate automatic account linking..."

SysAid  | Nov 10, 2023
IT support software from SysAid being exploited in the wild
IT support software from SysAid being exploited in the wild

Clear IOCs, guidance and documentation: A commendable response from SysAid.

Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Your link has expired. Please request a new one.
Great! You've successfully signed up.
Great! You've successfully signed up.
Welcome back! You've successfully signed in.
Success! You now have access to additional content.