US, Australia, India and Japan deepen cyber ties This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/ Read the original article: Quad Countries Prepare For Info Sharing on Critical Infrastructure
Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline
Pro-Russia hacking group Zarya caused a cybersecurity incident at a Canadian gas pipeline, the critical infrastructure sector is on alert. A Canadian gas pipeline suffered a cyber security incident, Canada’s top cyber official and Pro-Russia hacking group Zarya claimed the…
The good, the bad and the generative AI
ChatGPT is just the beginning: CISOs need to prepare for the next wave of AI-powered attacks Sponsored Feature Change in the tech industry is usually evolutionary, but perhaps more interesting are the exceptions to this rule – the microprocessor in…
Update Now: PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Two vulnerabilities in PaperCut have been found, and one of them is being actively exploited in the wild. This blog entry provides a summary of the vulnerabilities, and includes security guidance for IT and SOC professionals. This article has been…
UK Cyber Pros Burnt Out and Overwhelmed
Alert fatigue is a major issue, says Expel This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/ Read the original article: UK Cyber Pros Burnt Out and Overwhelmed
Why performing security testing on your products and systems is a good idea
VMware Releases Critical Patches for Workstation and Fusion Software
VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as…
Quad nations unite to fight Cyber Attacks on Critical Public Infrastructure
The Quad nations comprising India, Japan, Australia, and the United States will reach an agreement on how to create a collective approach to blocking cyber attacks on critical public infrastructure, such as the power and communication sectors. The Quad countries…
Is the fear of AI being overblown
Artificial intelligence (AI) is a buzzword that has gained significant traction over the past decade. Many experts predict that AI will transform industries and change the way we live and work. However, there is also a growing fear that AI…
Overcoming industry obstacles for decentralized digital identities
In this Help Net Security interview, Eve Maler, CTO at ForgeRock, talks about how digital identities continue to play a critical role in how we access online services securely. Maler also highlights the challenges encountered by various industries in implementing…
Google Authenticator Major Update Brings Cloud Backup Feature
Google Authenticator was launched in 2010, which provides additional security for various applications by providing authentication codes for every sign-in. This prevents attackers from account takeover on any application linked with Google Authenticator. Google has launched various authentication mechanisms like…
New coercive tactics used to extort ransomware payments
The increase in reported ransomware victims across Q1 2023 reflects the continued prevalence of ransomware as a worldwide, industry agnostic threat, according to GuidePoint Security. The report is based on data obtained from publicly available resources, including threat groups themselves,…
Are you ready for PCI DSS 4.0?
In just under a year’s time, organizations will have had to comply with several new requirements under version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS). About PCI DSS PCI DSS comprises 12 requirements to protect payment…
CISOs: unsupported, unheard, and invisible
A study conducted among CISOs worldwide from various industries sheds light on their strategies amid a challenging threat environment, identifies obstacles from business functions, and highlights their requirements for achieving success. “Our research shows CISOs are motivated by a mission…
Guidance on network and data flow diagrams for PCI DSS compliance
This is the third blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when…
Halo Security detects exposed secrets and API keys in JavaScript
Web properties are increasingly relying on third-party JavaScript to increase functionality, but this can also bring inherent risks. A report from Source Defense, which scanned the 4,300 highest-trafficked websites globally, found an average of four third-party scripts per page. Often,…
Immuta releases new data security features to help users accelerate remediation efforts
Immuta announced new vulnerability risk assessment and dynamic query classification capabilities for the Immuta Data Security Platform. These new features enable customers to promptly identify and prioritize security gaps, protecting sensitive data based on the context and sensitivity levels. When…
Seclore puts risk into focus with new data classification and risk insights capabilities
Seclore has released new Digital Asset Classification and Risk Insights capabilities delivering security risk visibility and insights for the most sensitive digital assets within the enterprise, such as intellectual property, and customer and employee personally identifiable information. “In today’s digital…
Akamai Prolexic Network Cloud Firewall defends organizations against DDoS attacks
Akamai launched Prolexic Network Cloud Firewall, allowing customers to define and manage their own access control lists (ACLs) while enabling greater flexibility to secure their own network edge. Prolexic is Akamai’s cloud-based DDoS protection platform that stops attacks before they…
Corporate boards pressure CISOs to step up risk mitigation efforts
While those working in InfoSec and GRC have high levels of confidence in their cyber/IT risk management systems, persistent problems may be making them less effective than perceived, according to RiskOptics. The top challenges when implementing an effective cyber/IT risk…
US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt
Iranian hackers broke into to a system used by a local government to support its election night operations but were kicked out before any attack could be launched, according to U.S. military and cybersecurity officials. The post US Cyberwarriors Thwarted…
Accenture and Google Cloud expand collaboration to accelerate cybersecurity resilience
Accenture and Google Cloud announced an expansion of their global partnership to help businesses better protect critical assets and strengthen security against persistent cyber threats. Together, they are providing the technology, trusted infrastructure, and security expertise organizations need to build…
#RSAC: Ransomware Poses Growing Threat to Five Eyes Nations
Representatives of four of the five Five Eyes nations outlined the growing threat ransomware poses and approaches to thwart it This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/ Read the original article: #RSAC: Ransomware Poses Growing Threat to Five Eyes Nations
#RSAC: Characterless Security Training Fails to Change User Behavior
Experts from Amazon and the NCA offered tips on how to engage end users with cyber awareness training This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/ Read the original article: #RSAC: Characterless Security Training Fails to Change User Behavior
CISOs Rethink Data Security with Info-Centric Framework
The Data Security Maturity Model ditches application, network, and device silos when it comes to architecting a data security strategy. This article has been indexed from Dark Reading Read the original article: CISOs Rethink Data Security with Info-Centric Framework
Black Basta ransomware attacks Yellow Pages Canada
Categories: News Categories: Ransomware Tags: Yellow Pages Tags: Canada Tags: Black Basta Tags: ransomware Yellow Pages Canada has suffered a cyberattack by the Black Basta ransomware group. (Read more…) The post Black Basta ransomware attacks Yellow Pages Canada appeared first…
GuLoader returns with a rotten shipment
Categories: News Tags: GuLoader Tags: loader Tags: malware Tags: malspam Tags: email Tags: mail Tags: delivery Tags: collection Tags: scam Tags: infection Tags: Italy We take a look at a GuLoader campaign which comes bundled with an Italian language fake…