U.S. access and identity management giant Okta has said it is laying off approximately 400 employees, or 7% of its global workforce. The layoffs come almost exactly a year to the day after Okta announced plans to reduce its workforce…
What is HTTP Request Smuggling and HTTP/2 Downgrading?
Have you heard of the term HTTP Request Smuggling? What about HTTP/2 Downgrading? Well, these are vulnerabilities that can be exploited by cybercriminals when there are issues between the front-end and back-end of websites. If left unresolved, these can result…
Top 11 Privileged Access Management Solutions (2024)
Looking to find the right privileged access management (PAM) solution for your organization? Well, you’ve certainly come to the right place… PAM tools play a key role in any modern cybersecurity strategy. Without them, you can’t hope to protect yourself…
Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping
Daniel James Junk sentenced to six years in prison for stealing millions in cryptocurrency through SIM swapping. The post Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping appeared first on SecurityWeek. This article has been indexed…
Qualys enhances CyberSecurity Asset Management to discover risky unmanaged devices
Qualys is expanding Qualys CyberSecurity Asset Management (CSAM) to identify unmanaged and untrusted devices in real-time. Leveraging the Qualys Cloud Agent to continuously monitor the network, this passive discovery method complements scans, agents, and API-based discovery to build a comprehensive…
Graylog API Security enables organizations to identify and classify APIs
Graylog released a free version of Graylog API Security. This API discovery and monitoring tool makes API security accessible to enterprises of all sizes at a time when API-related attacks are on the rise. Uniquely, Graylog API Security enables organizations…
Fake Voicemail as Credential Harvesting Lure
Hackers will try just about anything to get you to click on a malicious link. The key is to make the overall email seem as believable as possible. The more legitimate it seems, the better. The more believable it…
Generative AI is the Pride of Cybercrime Services
Cybercriminals Officially Utilize Generative AI for Spam Campaigns, Social Media Impersonation and Verification Services. Highlights: Generative AI as a Cybercrime Tool: Cybercriminals are increasingly using generative AI for sophisticated cybercrimes, including social media impersonation, spam campaigns, and KYC verification services.…
LockBit shows no remorse for ransomware attack on children’s hospital
It even had the gall to set the ransom demand at $800K … for a nonprofit. Ransomware gang LockBit is claiming responsibility for an attack on a Chicago children’s hospital in an apparent deviation from its previous policy of not…
Biden Will Veto Efforts to Spike SEC Breach Disclosure Rule
President Biden is warning Congressional Republicans that he will veto any attempts to overturn the Securities and Exchange Commission’s (SEC) new requirement for public companies disclosing cybersecurity incidents. In a brief policy statement this week, the White House said public…
AI Poison Pill App Nightshade Received 250K Downloads in Five Days
Shortly after its January release, the AI copyright infringement tool Nightshade exceeded the expectations of its developers at the University of Chicago’s computer science department, with 250,000 downloads. With Nightshade, artists can prevent AI models from using their artwork…
Exposed Docker APIs Under Attack in ‘Commando Cat’ Cryptojacking Campaign
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. “The campaign deploys a benign container generated using the Commando project,” Cado security researchers Nate Bill and Matt Muir said in a new report published today.…
Google’s Bazel Exposed to Command Injection Threat
Cycode stressed securing software supply chains amid complex dependencies and third-party actions. This article has been indexed from www.infosecurity-magazine.com. Read the original article: Google’s Bazel Exposed to Command Injection Threat
Short, Mid and Long-Term Impacts of AI in Cybersecurity
Kyle Wilhoit, director for threat research at Unit 42 Threat Intelligence, shares thoughts and predictions on impacts of AI in cybersecurity. The post Short, Mid and Long-Term Impacts of AI in Cybersecurity appeared first on Palo Alto Networks Blog. This…
At Least 30 Journalists, Lawyers and Activists Hacked With Pegasus in Jordan, Forensic Probe Finds
Pegasus spyware from NSO Group was used in Jordan to hack the cellphones of journalists, lawyers, human rights and political activists. The post At Least 30 Journalists, Lawyers and Activists Hacked With Pegasus in Jordan, Forensic Probe Finds appeared first…
New York Sues Citibank Over Poor Data Security
New York attorney general is suing Citibank for failing to protect customers against hackers and fraudsters who have stolen millions. The post New York Sues Citibank Over Poor Data Security appeared first on SecurityWeek. This article has been indexed from…
Three Compliance Management Solutions for Technology Decision-Makers
With growth comes more compliance responsibilities. Larger user bases attract the risk of data breaches, with malicious actors paying more attention to companies that are on the rise. Regulatory frameworks like GDPR, Quebec Law 25, and the India Data Protection…
Is Your Remote Workforce Truly Safe? Three Reasons Zero-Trust is the Answer
Zero-trust is the smart way to secure your remote workforce, and done right, it results in a more secure future with the technology available in the security space. The post Is Your Remote Workforce Truly Safe? Three Reasons Zero-Trust is…
FBI disrupts Chinese botnet used for targeting US critical infrastructure
The FBI has disrupted the KV botnet, used by People’s Republic of China (PRC) state-sponsored hackers (aka “Volt Typhoon”) to target US-based critical infrastructure organizations. A botnet for probing critical infrastructure organizations: The threat actors used the KV botnet malware…
Secureworks Threat Score reduces alert noise and time to respond
Secureworks launched AI-powered Threat Score to silence alert noise and reduce security analyst workload by over 50%. With ransomware dwell times falling, security analysts are under more pressure than ever to make the right decisions about which alerts they investigate.…