Young government workers show poor password management habits
Hybrid work has exposed another area of vulnerability, with 70% of government workers reporting they work virtually at least some of the time, according to Ivanti. The …
GitHub to introduce mandatory 2FA authentication starting March 13
Starting March 13, GitHub will gradually introduce the 2FA enrollment requirement to groups of developers and administrators, beginning with smaller groups. This measured …
Fake ChatGPT Chrome extension targeted Facebook Ad accounts
ChatGPT has garnered a lot of questions about its security and capacity for manipulation, partly because it is a new software that has seen unprecedented growth (hosting 100 …
Fortinet plugs critical RCE hole in FortiOS, FortiProxy (CVE-2023-25610)
Fortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy. None of the …
Google One expands security features to all plans with dark web report, VPN access
Google One unveiled two exciting additions to its range of features. Firstly, VPN by Google One will now be available to all plans, offering additional security while carrying …
Massive GitHub analysis reveals 10 million secrets hidden in 1 billion commits
GitGuardian scanned 1.027 billion new GitHub commits in 2022 (+20% compared to 2021) and found 10,000,000 secrets occurrences (+67% compared to 2022). What is interesting …
Inadequate patches and advisories increase cyber risk
Trend Micro’s overall threat detections increased by 55%, and the number of blocked malicious files surged by 242% due to indiscriminate targeting by threat actors who …
Navigating data classification in the era of extensive cloud adoption
Healthcare and financial services organizations have embraced cloud technology due to the ease of managing increasing volumes of data, according to Blancco. Cloud adoption has …
Attackers exploit APIs faster than ever before
After combing through 350,000 reports to find 650 API-specific vulnerabilities from 337 different vendors and tracking 115 published exploits impacting these vulnerabilities, …
AI is taking phishing attacks to a whole new level of sophistication
92% of organizations have fallen victim to successful phishing attacks in the last 12 months, while 91% of organizations have admitted to experiencing email data loss, …
Vulnerability in DJI drones may reveal pilot’s location
Serious security vulnerabilities have been identified in multiple DJI drones. These weaknesses had the potential to allow users to modify crucial drone identification details …
China-aligned APT is exploring new technology stacks for malicious tools
ESET researchers have analyzed MQsTTang, a custom backdoor that they attribute to the China-aligned Mustang Panda APT group. This backdoor is part of an ongoing campaign that …