Apple patches another iOS zero-day under attack (CVE-2023-42824)
Apple has released a security update for iOS and iPadOS to fix another zero-day vulnerability (CVE-2023-42824) exploited in the wild. About CVE-2023-42824 CVE-2023-42824 is a …
Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515)
Atlassian has fixed a critical zero-day vulnerability (CVE-2023-22515) in Confluence Data Center and Server that is being exploited in the wild. “Atlassian has been made …
Eyes everywhere: How to safely navigate the IoT video revolution
Cameras are coming to a connected device near you. Cheap image sensors from old mobile phones are flooding the market and bringing video to the Internet of Things (IoT). …
LLMs lower the barrier for entry into cybercrime
Cybercriminals employ evolving attack methodologies designed to breach traditional perimeter security, including secure email gateways, according to Egress. “Without a doubt …
Soft skills continue to challenge the cybersecurity sector
New cybersecurity findings pinpoint areas where cybersecurity experts are lacking, with interpersonal skills, cloud computing, and security measures standing out as the most …
The root cause of open-source risk
2023 saw twice as many software supply chain attacks as 2019-2022 combined. Sonatype logged 245,032 malicious packages in 2023. One in eight open-source downloads today poses …
Backdoored Android phones, TVs used for ad fraud – and worse!
A key monetization mechanism of a sophisticated series of cybercriminal operations involving backdoored off-brand mobile and CTV Android devices has been disrupted, Human …
Qualcomm patches 3 actively exploited zero-days
Qualcomm has fixed three actively exploited vulnerabilities (CVE-2023-33106, CVE-2023-33107, CVE-2023-33063) in its Adreno GPU and Compute DSP drivers. Vulnerabilities …
Google unveils stricter anti-spam rules for bulk email senders
To keep Gmail users’ inboxes “safer and more spam-free”, Google is introducing new requirements for bulk senders (of commercial email). “Last year we …
Amazon: AWS root accounts must have MFA enabled
Amazon wants to make it more difficult for attackers to compromise Amazon Web Services (AWS) root accounts, by requiring those account holders to enable multi-factor …
Making privacy sustainable: Incorporating privacy into the ESG agenda
Data breaches have been rising in frequency and magnitude over the last two decades. In fact, the Identity Theft Resource Centre (ITRC) found that between 2005 and 2020, data …
Tackling cyber risks head-on using security questionnaires
In this Help Net Security interview, Gaspard de Lacroix-Vaubois, CEO at Skypher, talks about the implementation of security questionnaires and how they facilitate assessments …
Featured news
Resources
Don't miss
- Job-seeking devs targeted with fake CrowdStrike offer via email
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance
- The SBI fake banking app shows that SMS authentication has had its day
- Preventing the next ransomware attack with help from AI
- Banshee Stealer variant targets Russian-speaking macOS users