Spoutible API exposed encrypted password reset tokens, 2FA secrets of users
A publicly exposed API of social media platform Spoutible may have allowed threat actors to scrape information that can be used to hijack user accounts. The problem with the …
ResumeLooters target job search sites in extensive data heist
Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region. The group, dubbed …
Lagging Mastodon admins urged to patch critical account takeover flaw (CVE-2024-23832)
Five days after Mastodon developers pushed out fixes for a remotely exploitable account takeover vulnerability (CVE-2024-23832), over 66% of Mastodon servers out there have …
How CISOs navigate policies and access across enterprises
In this Help Net Security interview, Marco Eggerling, Global CISO at Check Point, discusses the challenge of balancing data protection with diverse policies, devices, and …
3 ways to achieve crypto agility in a post-quantum world
Working at the speed of digital business is a constant challenge. But in today’s increasingly automated operational environment, crypto agility—i.e., an organization’s ability …
10 must-read cybersecurity books for 2024
Our list of cybersecurity books has been curated to steer your professional growth in 2024. This selection aims to provide comprehensive information security insights and …
Paying ransoms is becoming a cost of doing business for many
Today’s pervasive cyberattacks are forcing the majority of companies to pay ransoms and break their ‘do not pay’ policies, with data recovery deficiencies compounding the …
Deepfaked video conference call makes employee send $25 million to scammers
A deepfake video conference call paired with social engineering tricks has led to the theft of over US$25 million from a multinational firm, the South China Morning Post has …
AnyDesk has been hacked, users urged to change passwords
AnyDesk Software GmbH, the German company behind the widely used (and misused) remote desktop application of the same name, has confirmed they’ve been hacked and their …
Latio Application Security Tester: Use AI to scan your code
Latio Application Security Tester is an open-source tool that enables the usage of OpenAI to scan code from the CLI for security and health issues. Features and future plans …
Researchers discover exposed API secrets, impacting major tech tokens
Escape’s security research team scanned 189.5 million URLs and found more than 18,000 exposed API secrets. 41% of exposed secrets were highly critical, i.e. could lead to …
Businesses banning or limiting use of GenAI over privacy risks
Privacy is much more than a regulatory compliance matter. Findings from a new Cisco study highlight the growing Privacy concerns with GenAI, trust challenges facing …
Featured news
Sponsored
Don't miss
- Overlooked essentials: API security best practices
- SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?