DDoS alert traffic reaches record-breaking level of 436 petabits in one day
With over one billion websites worldwide, HTTP/HTTPS application-layer attacks have increased by 487% since 2019, with the most significant surge in the second half of 2022, …
HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620)
Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API …
3CX compromise: More details about the breach, new PWA app released
3CX has released an interim report about Mandiant’s findings related to the compromise the company suffered last month, which resulted in a supply chain attack targeting …
Kodi forum breach: User data, encrypted passwords grabbed
The developers of Kodi, the widely used open-source media player app, have revealed a data breach of its user forum. What happened? The breach did not happen due to a …
Data-backed insights for future-proof cybersecurity strategies
The Qualys Threat Research Unit (TRU) has been hard at work detecting vulnerabilities worldwide, and its latest report is set to shake up the industry. In this Help Net …
Hybrid work environments are stressing CISOs
The impact of the hybrid workforce on security posture, as well as the risks introduced by this way of working, are posing concerns for CISOs and driving them to develop new …
Threat hunting programs can save organizations from costly security breaches
Cybersecurity threats to organizations are only increasing, not only in number but in scope, according to Team Cymru. The true cost of cyber breaches Proactive threat hunting …
Microsoft patches zero-day exploited by attackers (CVE-2023-28252)
It’s April 2023 Patch Tuesday, and Microsoft has released fixes for 97 CVE-numbered vulnerabilities, including one actively exploited zero-day (CVE-2023-28252). About …
Beware of companies offering paid sextortion assistance
Sextortion victims are already in a vulnerable position, and shady companies are taking advantage of this vulnerability to offer “sextortion assistance” services …
Apple rushes fixes for exploited zero-days in iPhones and Macs (CVE-2023-28205, CVE-2023-28206)
Apple has pushed out security updates that fix two actively exploited zero-day vulnerabilities (CVE-2023-28205, CVE-2023-28206) in macOS, iOS and iPadOS. Reported by …
Making risk-based decisions in a rapidly changing cyber climate
Nicole Darden Ford is Global VP & CISO at Rockwell Automation. As the company’s cybersecurity leader, Nicole is entrusted to protect enterprise IT assets with scalable, …
Criminal businesses adopt corporate behavior as they grow
As criminal groups increase in size, they adopt corporate-like behavior, but this shift brings about its own set of challenges and costs, according to Trend Micro. “The …