Balancing cybersecurity with convenience and progress

Changing approaches to cybersecurity have led to slow but steady progress in defense and protection. Still, competing interests create a growing challenge for cybersecurity decision makers and practitioners, according to CompTIA. The state of cybersecurity Most business and technology professionals feel that cybersecurity is improving, both generally and within their organizations. They also acknowledge that […]

Continue Reading

GitLab fixes critical vulnerability, patch now! (CVE-2023-5009)

GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform. They flaw may allow a threat actor to abuse scan execution policies to run pipelines as another user. About the vulnerability (CVE-2023-5009) CVE-2023-5009 – discovered by software developer and bug hunter Johan Carlsson […]

Continue Reading

Why more security doesn’t mean more effective compliance

Financial institutions have always been a valuable target for cyberattacks. That’s partly why banking and financial institutions are heavily regulated and have more compliance requirements than those in most other industries. A slew of new rules have been put in place in recent years, designed to place more emphasis on continually measuring and managing this […]

Continue Reading

Signal takes a quantum leap with E2EE protocol upgrade

Signal has announced an upgrade to its end-to-end encryption (E2EE) protocol to protect users of its popular messaging app from encryption-breaking attacks through quantum computers. Getting ready for quantum computing “Quantum computing represents a new type of computational system which leverages quantum mechanical properties to solve certain complex problems many orders of magnitude more quickly […]

Continue Reading

Fake WinRAR PoC spread VenomRAT malware

An unknown threat actor has released a fake proof of concept (PoC) exploit for CVE-2023-4047, a recently fixed remote code execution (RCE) vulnerability in WinRAR, to spread the VenomRAT malware. The fake WinRAR PoC On August 17, 2023, Trend Micro’s Zero Day Initiative reported the RCE vulnerability (CVE-2023-4047) that allowed threat actors to execute arbitrary […]

Continue Reading