Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
Data breaches have been rising in frequency and magnitude over the last two decades. In fact, the Identity Theft Resource Centre (ITRC) found that between 2005 and 2020, data breach events in the US alone increased from 57 to over 1001 – and the total for the first half of 2023 now stands at 1393. […]
Continue ReadingIn this Help Net Security interview, Gaspard de Lacroix-Vaubois, CEO at Skypher, talks about the implementation of security questionnaires and how they facilitate assessments and accountability across all participants in the technology supply chain, fostering trust and safeguarding sensitive data. Many organizations overlook the critical role of security questionnaires in risk assessment. Could you elaborate […]
Continue ReadingIn this Help Net Security video, Ivana Bartoletti, Global Privacy Officer at Wipro, discusses how organizations should deal with and deploy LLMs securely. Those who push the apocalypse scenario of monster machines taking over the world and destroying humans en masse aren’t doing us any favors. Arguably, the vision of the apocalypse is a distraction […]
Continue ReadingA vulnerability (CVE-2023-4211) in the kernel drivers for several Mali GPUs “may be under limited, targeted exploitation,” British semiconductor manufacturer Arm has confirmed on Monday, when it released drivers updated with patches. Arm’s Mali GPUs are used on a variety devices, most prominently on Android phones by Google, Samsung, Huawei, Nokia, Xiaomi, Oppo, and other […]
Continue ReadingBoard members often lack technical expertise and may not fully grasp cyber risks. On the other hand, CISOs are more accustomed to interfacing with IT staff. This is understandable; the board is responsible for guiding high-level decision-making. They rarely become involved with the details, leaving implementation plans and technical audits for the CISO to handle. […]
Continue ReadingIn this Help Net Security interview, Okey Obudulu, CISO at Skillsoft, talks about the increasing complexity of the CISO role and challenges they face. He discusses the business environment, tech innovation, the evolving regulatory landscape, limited resources, and budgets. Obudulu also provides recommendations for CISOs, emphasizing the need to embrace continuous learning across multiple domains […]
Continue ReadingIn this Help Net Security video, Ilkka Turunen, Field CTO at Sonatype, discusses how generative AI influences and impacts software engineers’ work and the software development lifecycle. According to a recent Sonatype survey of 800 developers (DevOps) and application security (SecOps) leaders, 97% are using the technology today, with 74% reporting pressure to use it […]
Continue ReadingSix zero-days in Exim, the most widely used mail transfer agent (MTA), have been revealed by Trend Micro’s Zero Day Initiative (ZDI) last Wednesday. Due to what seems to be insufficient information and poor communication, fixes for only three of them have been included in Exim v4.96.1, a security release made available today. Exim is […]
Continue ReadingProgress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution. Proof-of-concept code for CVE-2023-40044 has been available since Friday, and Rapid7 researchers have observed multiple instances of WS_FTP exploitation in the wild, with two different attack chains. […]
Continue ReadingSince July 2023, the Federal Bureau of Investigation (FBI) has noticed a new trend: dual ransomware attacks on the same victim, occurring in close proximity of one another. Dual ransomware attacks Dual ransomware attacks are when attacks against the same victim occurr within 10 days (or less) of each other. According to the FBI, most […]
Continue Reading