Consumers continue to overestimate their ability to spot deepfakes
The Jumio 2024 Online Identity Study reveals significant consumer concerns about the risks posed by generative AI and deepfakes, including the potential for increased …
Week in review: New Black Basta’s social engineering campaign, passing the CISSP exam in 6 weeks
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Black Basta target orgs with new social engineering campaign Black Basta, one …
US exposes scheme enabling North Korean IT workers to bypass sanctions
The US Justice Department had unsealed charges against a US woman and an Ukranian man who, along with three unidentified foreign nationals, have allegedly helped North Korean …
The importance of access controls in incident response
The worst time to find out your company doesn’t have adequate access controls is when everything is on fire. The worst thing that can happen during an incident is that your …
The IT skills shortage situation is not expected to get any better
A growing IT skills shortage is impacting organizations in all industries and across all regions, according to IDC. In a recent IDC survey of North American IT leaders, nearly …
Too many ICS assets are exposed to the public internet
The enterprise attack surface is expanding in multiple ways, becoming more numerous and more specific, according to runZero. “Our research reveals alarming gaps and unexpected …
New infosec products of the week: May 17, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Calix, FireMon, ManageEngine, and OWASP Foundation. Calix strengthens SmartBiz …
Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)
New versions of Git are out, with fixes for five vulnerabilities, the most critical (CVE-2024-32002) of which can be used by attackers to remotely execute code during a …
Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)
For the third time in the last seven days, Google has fixed a Chrome zero-day vulnerability (CVE-2024-4947) for which an exploit exists in the wild. About CVE-2024-4947 …
Is an open-source AI vulnerability next?
AI has captured widespread interest and offers numerous benefits. However, its rapid advancement and widespread adoption raise concerns, especially for those of us in …
OWASP dep-scan: Open-source security and risk audit tool
OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project …
Ebury botnet compromises 400,000+ Linux servers
ESET researchers released its deep-dive investigation into one of the most advanced server-side malware campaigns. It is still growing and has seen hundreds of thousands of …