GitLab fixes critical vulnerability, patch now! (CVE-2023-5009)
GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform. The flaw may allow a …
Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones
Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities (CVE-2023-41992, CVE-2023-41991, CVE-2023-41993) exploited …
Why more security doesn’t mean more effective compliance
Financial institutions have always been a valuable target for cyberattacks. That’s partly why banking and financial institutions are heavily regulated and have more compliance …
New infosec products of the week: September 22, 2023
Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Dig Security, Laiyer.ai, Viavi Solutions, and Wing Security. 1Password …
Ransomware cyber insurance claims up by 27%
Overall cyber insurance claims frequency increased by 12% in the first half of 2023, according to Coalition. Increase in ransomware claims frequency Coalition found that both …
Code alterations more prevalent in Android apps than iOS
57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) apps facing the highest risk, according to Digital.ai. The study found no correlation between …
IT pros told to accept burnout as normal part of their job
The vast majority of IT security professionals admit stress has led them and peers to make errors that have caused data breaches, according to Devo Technology. Recent …
SMEs overestimate their cybersecurity preparedness
57% of SMEs have fallen victim to at least one cybersecurity breach, among whom 31% reported that their business experienced a breach within the past 12 months alone, …
Signal takes a quantum leap with E2EE protocol upgrade
Signal has announced an upgrade to its end-to-end encryption (E2EE) protocol to protect users of its popular messaging app from encryption-breaking attacks through quantum …
Telecom firms hit with novel backdoors disguised as security software
Researchers have unearthed new backdoors leveraged to maintain long-term access in the networks of telecom firms in the Middle East. HTTPSnoop and PipeSnoop – as the two …
Fake WinRAR PoC spread VenomRAT malware
An unknown threat actor has released a fake proof of concept (PoC) exploit for CVE-2023-4047, a recently fixed remote code execution (RCE) vulnerability in WinRAR, to spread …
Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179)
Trend Micro has fixed a critical zero-day vulnerability (CVE-2023-41179) in several of its endpoint security products for enterprises that has been spotted being exploited in …
Featured news
Sponsored
Don't miss
- How to recognize employment fraud before it becomes a security issue
- Practical strategies to build an inclusive culture in cybersecurity
- Domain security posture of Forbes Global 2000 companies
- Faraway Russian hackers breached US organization via Wi-Fi
- Microsoft asks Windows Insiders to try out the controversial Recall feature