Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

The Problem of Permissions and Non-Human Identities

According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year’s report. At the same time, the number of leaked credentials has…

CISA Launches New Learning Platform to Enhance Training and Education U.S. Veterans and Other Stakeholders

by CISA
November 18, 2024
Security News, Assessments & Alerts
3 min read

Washington – The Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of CISA Learning, a learning management system that will modernize training and education for its employees and key stakeholders. This transformative platform is…

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11

Nov 18, 2024Ravie LakshmananCybersecurity / Infosec What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This…

The Advantage of Year-Round Network Pen Testing

Nov 18, 2024The Hacker NewsPenetration Testing / Network Security IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here’s the thing: hackers don’t wait…

Gmail’s New Shielded Email Feature Lets Users Create Aliases for Email Privacy

Nov 18, 2024Ravie LakshmananPrivacy / Email Security Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam.…

Fake Discount Sites Exploit Black Friday to Hijack Shopper Information

A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping…

NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta’s Lawsuit

Nov 18, 2024Ravie LakshmananMobile Security / Spyware Legal documents released as part of an ongoing legal tussle between Meta’s WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the…

Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Nov 18, 2024Ravie LakshmananVulnerability / Website Security A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker…

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Nov 16, 2024Ravie LakshmananVulnerability / Network Security Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management…

DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials

A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet’s FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity, which disclosed the findings Friday,…

« Previous
1
…
313
314
315
316
317
…
500
Next »