In the News
Featured
06/13/2024
Microsoft’s Brad Smith acknowledges past security failures, outlines new initiatives
Not everyone was as harsh on Microsoft’s previous mistakes. Jeff Williams, co-founder and chief technology officer at application security software platform provider Contrast Security Inc., noted that “while it’s pretty obvious in hindsight that they made a mistake, I think commentators are judging them without seeing the whole picture.”
“The unfortunate reality is that software is far more complex than most people understand,” he said. “A single application is built from dozens of source code repos, hundreds of open-source libraries, multiple application frameworks, server software and often multiple language platforms. And Microsoft has tens of thousands of applications, each of which has vulnerabilities reported all the time by tools, penetration testers, customers and more.”
06/16/2023
MOVEit Vulnerabilities: Clop Ransomware Gang Victims Keep Increasing
Experts criticized MOVEit MFT developer Ipswitch and found it “alarming” that the company missed an SQL injection flaw.
06/15/2023
Steve Wilson – OWASP Top Ten for LLMs
How do we do security in the world of AI and LLMs?
06/15/2023
Global cybersecurity agencies detail cyber threat from LockBit ransomware hackers
A joint cybersecurity advisory (CSA) has been released by global cybersecurity agencies.
06/14/2023
XSS Vulnerabilities Found in Microsoft Azure Cloud Services
Microsoft quickly issued patches for the two security issues, which could allow unauthorized access to cloud sessions.
06/14/2023
CISA: LockBit behind 1 in 6 ransomware attacks on US gov't in 2022
About one in every six ransomware attacks targeting U.S. government offices in 2022 can be traced back to a single group: LockBit.
06/14/2023
LockBit victims in the US alone paid over $90m in ransoms since 2020
As America, UK, Canada, Australia and friends share essential bible to detect and thwart infections.
06/09/2023
North Korea’s social engineering threat not going away
North Korean state-sponsored actors continue to use social engineering to target employees of think tanks, academic institutions and the news media.
06/09/2023
Bugs discovered in Honda sales platform. Update on Minecraft mod malware
Bugs discovered in Honda sales platform.
06/08/2023
The Gigabyte firmware backdoor: Lessons learned about supply chain security
Firmware attacks can pose a substantial risk to the software supply chain.
06/01/2023
Apria Healthcare Data Breach Exposed Sensitive Information of Nearly 2 Million Patients
The Apria Healthcare data breach has exposed the personal, medical, and financial information of up to 1.8 million individuals.