New infosec products of the week: May 31, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Adaptive Shield, Dashlane, Detectify, and Truecaller. Adaptive Shield unveils …
NIST says NVD will be back on track by September 2024
The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Common Vulnerabilities and …
59% of public sector apps carry long-standing security flaws
Applications developed by public sector organizations have more security debt than those created by the private sector, according to Veracode. Security debt, defined for this …
NIST unveils ARIA to evaluate and verify AI capabilities, impacts
The National Institute of Standards and Technology (NIST) is launching a new testing, evaluation, validation and verification (TEVV) program intended to help improve …
Identity-related incidents becoming severe, costing organizations a fortune
With the rise of identity sprawl and system complexity, more businesses are suffering identity-related incidents than ever before, according to IDSA. Identity-related …
Moonstone Sleet: A new North Korean threat actor
Microsoft has named yet another state-aligned threat actor: Moonstone Sleet (formerly Storm-1789), which engages in cyberespionage and ransomware attacks to further goals of …
How fraudsters stole $37 million from Coinbase Pro users
A convincing phishing page and some over-the-phone social engineering allowed a group of crooks to steal over $37 million from unlucky Coinbase Pro users. One of them – …
PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)
Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command …
Avoiding the cybersecurity blame game
Cyber risk management has many components. Those who do it well will conduct comprehensive risk assessments, enact well-documented and well-communicated processes and …
RansomLord: Open-source anti-ransomware exploit tool
RansomLord is an open-source tool that automates the creation of PE files, which are used to exploit ransomware pre-encryption. “I created RansomLord to demonstrate …
Cybersecurity jobs available right now: May 29, 2024
Some of the jobs listed here are no longer accepting applications. For a fresh list of open cybersecurity jobs, go here. Cloud Security Engineer – Secret Clearance …
A closer look at GenAI impact on businesses
This article includes excerpts from various reports that provide statistics and insights on GenAI and its impact on businesses. CEOs accelerate GenAI adoption despite …