Imperva has been a beacon of excellence for over twenty years in the digital protection landscape, where innovation is paramount. Renowned for its groundbreaking products, Imperva has not just secured applications, APIs, and data for the world’s leading organizations but…
SoarGames – 4,774,445 breached accounts
In December 2019, the now defunct gaming website SoarGames suffered a data breach that exposed 4.8M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes. A significant number of the email addresses…
New Relic’s cyber-something revealed as attack on staging systems, some users
Ongoing investigation found evidence of stolen employee creds and social engineering Nine days after issuing a vaguely worded warning about a possible cyber security incident, web tracking and analytics outfit New Relic has revealed a two-front attack.… This article has…
EU lawmakers finalize cyber security rules that panicked open source devs
PLUS: Montana TikTok ban ruled unconstitutional; Dollar Tree employee data stolen; critical vulnerabilities Infosec in brief The European Union’s Parliament and Council have reached an agreement on the Cyber Resilience Act (CRA), setting the long-awaited security regulation on a path…
Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say
The Municipal Water Authority of Aliquippa was just one of multiple organizations breached in the U.S. by Iran-linked “Cyber Av3ngers” hackers The post Breaches by Iran-Affiliated Hackers Spanned Multiple U.S. States, Federal Agencies Say appeared first on SecurityWeek. This article…
2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks
There are several cybersecurity trends that truly deserve top attention when we look back at 2023 — and they will get it. Meanwhile, cyber attacks against critical infrastructure quietly grow, despite a lack of major attention. The post 2023’s…
Employee Stress Puts Data in Danger
The Harvard Business Review conducted a survey of more than 330 remote employees from a wide range of industries to self-report on both their daily stress levels and their adherence to cybersecurity policies over the duration of two weeks. Employee…
DEF CON 31 – Daniel Avinoam’s ‘Staying Undetected Using The Windows Container Isolation Framework’
Many thanks to DEF CON 31 for publishing their terrific DefCon Conference 31 presenters' content. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada; via the organization's YouTube channel. The post DEF…
Flying Blind: Is your Vulnerability Management program working?
Vulnerability management is a non-trivial problem for any organization that is trying to keep their environment safe. There can be myriad tools in use, multiple processes, regulations, and numerous stakeholders all putting demands on the program. All of these factors…
Application Security Trends & Challenges with Tanya Janca
In this episode, noteworthy guest Tanya Janca returns to discuss her recent ventures and her vision for the future of Application Security. She reflects on the significant changes she has observed since her career at Microsoft, before discussing her new…
Rising Tide of Cyber Threats: Booking.com Faces Surge in Customer Hacking Incidents
Dark forums are places where hackers advertise what they can do to increase attacks against Booking.com customers. As cybercriminals continue to target hotel guests by offering up to $2,000 for hotel logins, they are offering up to 2,000 dollars…
Reminder: Google Has Started to Purge Inactive Accounts
You should log into any old Google account you wish to maintain if you haven’t used it in a few years to avoid having it deleted due to Google’s inactive account policy. Google revealed the new guidelines in May,…
US Govt’s OFAC Sanctions North Korea-based Kimsuky Hacking Group
The Treasury Department’s Office of Foreign Assets Control (OFAC) has recently confirmed the involvement of Kimsuky, a North-Korea sponsored hacking group, in a cyber breach attempt that resulted in the compromise of intel in support of the country’s strategic aims. …
XDSpy Hackers Target Russian Military Industrial Companies
XDSpy attacks Russian industries. A cyberespionage group called XDSpy has recently attacked Russian military-industrial enterprises, as per new research. XDSpy is said to be a state-controlled hacker, in the game since 2011, that mainly targets countries across Eastern Europe and…
23andMe Reports Hackers Accessed “Significant Number” of Ancestry Files
Genetic testing company 23andMe declared on Friday that approximately 14,000 customer accounts were compromised in its recent data breach. In an updated submission to the U.S. Securities and Exchange Commission, the company revealed that its investigation determined the breach…
Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Vulnerability disclosure: Legal risks and ethical considerations for researchers In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex…
Maximizing cybersecurity on a budget
A cybersecurity budget is an allocation of resources, both financial and otherwise, dedicated to protecting an organization’s digital assets from cyber threats. This includes funds for security software, hardware, training, and personnel. A well-structured cybersecurity budget ensures that an organization…
2024 cybersecurity outlook: The rise of AI voice chatbots and prompt engineering innovations
In their 2024 cybersecurity outlook, WatchGuard researchers forecast headline-stealing hacks involving LLMs, AI-based voice chatbots, modern VR/MR headsets, and more in the coming year. Companies and individuals are experimenting with LLMs to increase operational efficiency. But threat actors are learning…
The AI readiness race and where global companies stand
According to Cisco, only 14% of organizations worldwide are ready to implement and utilize AI technologies. The report found that 61% of respondents indicated they have a maximum of one year to deploy their AI strategy before there’s a negative…
Put guardrails around AI use to protect your org, but be open to changes
Artificial intelligence (AI) is a topic that’s currently on everyone’s minds. While in some industries there is concern it could replace workers, other industries have embraced it as a game-changer for streamlining processes, automating repetitive tasks, and saving time. But…