Week in review: RCE bug in GitLab patched, phishing PyPI users, Escanor malware in MS Office docs
Thoma Bravo: Securing digital identities has become a major priority In this Help Net Security interview, Andrew Almeida, Partner on the Flagship team at Thoma Bravo, talks …
LastPass breach: Source code, proprietary tech info stolen
“An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code …
New infosec products of the week: August 26, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Drata, Ntrinsec, PlainID, Privitar, and ReasonLabs. Drata Risk Management provides …
How fast is the financial industry fixing its software security flaws?
Veracode released data revealing that the financial services industry ranks among the best for overall flaw percentage when compared to other industries, but has one of the …
IT leaders struggling to address identity sprawl
Radiant Logic unveiled the Identity Data Management: Roadblock or Business Enabler report, providing insights into today’s identity management challenges. Gartner Peer …
0ktapus: Twilio, Cloudflare phishers targeted 130+ organizations
Group-IB has discovered that the recently disclosed phishing attacks on the employees of Twilio and Cloudflare were part of the massive phishing campaign that resulted in …
Phishing PyPI users: Attackers compromise legitimate projects to push malware
PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. “We have additionally determined that …
How CISOs can safeguard security in CI/CD environments
DevOps is a staple at every forward-thinking organization these days. The agile development and release formula helps companies address customer issues and marketplace …
Ransomware dominates the threat landscape
Acronis researchers have concluded that ransomware continues to be the number one threat to large and medium-sized businesses, including government organizations. Nearly half …
Organizations changing cyber strategy in response to nation-state attacks
66% of organizations have changed their cybersecurity strategy as a direct response to the conflict between Russia and Ukraine, while 64% suspect their organization has been …
How attackers use and abuse Microsoft MFA
Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years. But threat actors are keeping up with the increasing enterprise …
Critical RCE bug in GitLab patched, update ASAP! (CVE-2022-2884)
GitLab has fixed a remote code execution vulnerability (CVE-2022-2884) affecting the Community and the Enterprise Edition of its DevOps platform, and has urged admins to …
Featured news
Resources
Don't miss
- Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?
- New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)
- Webinar: Amplifying SIEM with AI-driven NDR for IT/OT convergence
- How CISOs can elevate cybersecurity in boardroom discussions
- A humble proposal: The InfoSec CIA triad should be expanded