Low code, high stakes: Addressing SQL injection
Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Due to various factors, they remain the third most common source …
The rise of SaaS security teams
In this Help Net Security interview, Hillary Baron, Senior Technical Director for Research at CSA, highlights that the recent surge in organizations establishing dedicated …
Ghidra: Open-source software reverse engineering framework
Ghidra, a cutting-edge open-source software reverse engineering (SRE) framework, is a product of the National Security Agency (NSA) Research Directorate. The framework …
Malicious emails trick consumers into false election contributions
Major regional and global events – such as military exercises, political or economic summits, political conventions, and elections – drove cyber threat activities, according …
Week in review: JetBrains GitHub plugin vulnerability, 20k FortiGate appliances compromised
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Users of JetBrains IDEs at risk of GitHub access token compromise …
Microsoft delays Windows Recall rollout, more security testing needed
Microsoft is delaying the release of Recall, a controversial Windows 11 feature that will allow users to search their computer for specific content that has previously been …
YetiHunter: Open-source threat hunting tool for Snowflake environments
Cloud identity protection company Permiso has created YetiHunter, a threat detection and hunting tool companies can use to query their Snowflake environments for evidence of …
Modern fraud detection need not rely on PII
Trends in online fraud detection often act as the canary in the coal mine when it comes to understanding and combating the next generation of online scams, fraud and …
The biggest downsides of digital ID adoption
As innovative digital verification methods continue to emerge, the debate around their reliability and effectiveness is heating up, according to Regula. Companies employ …
New infosec products of the week: June 14, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Acronis, Diligent, Entrust, KELA, Plainsea, and SentinelOne. Plainsea: Cybersecurity …
PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)
An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks …
Urgently needed: AI governance in cyber warfare
Artificial intelligence is quickly becoming central to societal growth. AI has great power to improve daily life, from education to healthcare, from sustainability to defense. …
Featured news
Sponsored
Don't miss
- ChatGPTriage: How can CISOs see and control employees’ AI use?
- Managing exam pressure: Tips for certification preparation
- Firmware update hides Bluetooth fingerprints
- Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)
- Risk related to non-human identities: Believe the hype, reject the FUD