Security automation gains traction, prompting a “shift everywhere” philosophy
The use of automated security technology is growing rapidly, which in turn is propagating the “shift everywhere” philosophy – performing security tests throughout the entire …
Week in review: Booking.com hotel booking scam, Kali Linux 2023.4 released
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Advanced ransomware campaigns expose need for AI-powered cyber defense In …
Meta introduces default end-to-end encryption for Messenger and Facebook
Meta is introducing default end-to-end encryption (E2EE) for chats and calls across Messenger and Facebook, the company revealed on Wednesday. Rolling out E2EE for Messenger …
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)
The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code …
December 2023 Patch Tuesday forecast: ‘Tis the season for vigilance
UPDATE: December 12, 12:12 PM PT – The news is live: December 2023 Patch Tuesday: 33 fixes to wind the year down The final Patch Tuesday of the year is almost upon us! …
New infosec products of the week: December 8, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Atsign, Daon, Global Integrity, Living Security, Panther Labs, Searchlight Cyber, …
Aim for a modern data security approach
Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the …
Alert fatigue puts pressure on security and development teams
Security practitioners are under a tremendous amount of pressure to secure today’s applications, according to Cycode. The research found that AppSec chaos reigns, with 78% of …
AI literacy gap extends beyond technical skills
Even as organizations accelerate AI adoption, the majority don’t understand the AI skills their employees possess, if any, or have an upskilling strategy to develop them, …
Love for sports could lead to poor password practices
33% of Americans have used a sports-related term in a password, according to Bitwarden. Those who have are twice as likely to have used one inspired by a professional sports …
Short-term AWS access tokens allow attackers to linger for a longer while
Attackers usually gain access to an organization’s cloud assets by leveraging compromised user access tokens obtained via phishing, by using malware, or by finding them …
Researchers automated jailbreaking of LLMs with other LLMs
AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an …
Featured news
Sponsored
Don't miss
- Overlooked essentials: API security best practices
- SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?