Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
Integrating proprietary and open-source code, APIs, user interfaces, application behavior, and deployment workflows creates an intricate composition in modern applications. Any vulnerabilities within this software supply chain can jeopardize your and your customers’ safety. In this Help Net Security video, Tim Mackey, Head of Software Supply Chain Risk Strategy at Synopsys, discusses supply chain security […]
Continue ReadingPhishers are using encrypted restricted-permission messages (.rpmsg) attached in phishing emails to steal Microsoft 365 account credentials. “[The campaigns] are low volume, targeted, and use trusted cloud services to send emails and host content (Microsoft and Adobe),” say Trustwave researchers Phil Hay and Rodel Mendrez. “The initial emails are sent from compromised Microsoft 365 accounts […]
Continue ReadingA newly identified ransomware operation has refashioned leaked LockBit and Babuk payloads into Buhti ransomware, to launch attacks on both Windows and Linux systems. Use of public exploits One notable aspect of the attackers leveraging the Buhti ransomware is their ability to quickly exploit newly disclosed vulnerabilities (e.g., the recently patched PaperCut and IBM Aspera […]
Continue ReadingIn this Help Net Security video, Tracy Reinhold, Chief Security Officer at Everbridge, talks about ISO 31030, the officially recognized International Standard for travel risk management, guiding how to manage risks to organizations and travelers. The global pandemic has been the primary concern for travel professionals over the past three years. However, the focus is […]
Continue ReadingA clever phishing campaign aimed at stealing users’ business email account credentials by impersonating OpenAI, the company behind the ChatGPT chatbot, has been spotted by Inky researchers. The attack ChatGPT has quickly gained popularity and is used widely by individuals and organizations. That’s enough of a reason for cybercriminals to impersonate the brand. The initial […]
Continue ReadingA vulnerability (CVE-2023-2868) in Barracuda Networks’ Email Security Gateway (ESG) appliances has been exploited by attackers, the company has warned. About CVE-2023-2868 CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001 – 9.2.0.006. “The vulnerability arises out of a failure to comprehensively sanitize the processing of […]
Continue ReadingThe widespread adoption of remote and hybrid working practices in recent years has brought numerous benefits to various industries, but has also introduced new cyber threats, particularly in the critical infrastructure sector. These threats extend not only to IT networks but also to operational technology (OT) and cyber-physical systems, which can directly influence crucial physical […]
Continue ReadingAccording to Imperva, bad bot traffic grew to 30.2%, a 2.5% increase over 2021. In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, discusses malicious bot activity. This is a substantial threat for businesses, leading to potential consequences such as compromised accounts, stolen data, spam, increased infrastructure and support expenses, customer […]
Continue ReadingGitHub has announced that its application security testing tools are now more widely available for subscribers of Microsoft’s Azure DevOps Services. Enabling GitHub Advanced Security for Azure DevOps (Source: Microsoft) What is GitHub Advanced Security for Azure DevOps? GitHub Advanced Security for Azure DevOps is a suite of tools native to the platform and, like […]
Continue ReadingA 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorized access to a computer with intent to commit other offences, after pleading guilty during a hearing at Reading Crown Court, England. IT employee blackmailing his own company The man was employed as an IT Security Analyst when, […]
Continue Reading