Critical Linux Kernel Vulnerability Let Attackers Execute Code
SMB servers that have ksmbd enabled are vulnerable to hacking due to a major Linux kernel vulnerability (CVSS score of 10). KSMBD is a Linux…
Month: December 2022
Attacks on Shadow APIs Loom Large
Shadow APIs (Application Programming Interfaces) are now the biggest threat facing API security today. Analysis of more than 20 billion transactions from the first half…
Triden Group Achieves SOC 2 Type 1 Compliance
[ This article was originally published here ] SAN DIEGO–()–Triden Group Corp announced today that it has achieved SOC 2 Type 1 compliance in accordance…
W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names
Dec 24, 2022Ravie LakshmananSoftware Security / Supply Chain Threat actors have published yet another round of malicious packages to Python Package Index (PyPI) with the…
safe_urls768 – s768.exe – Program Information
S768.EXE Information This is an undesirable program. This file has been identified as a program that is undesirable to have running on your computer. This…
Deserialized web security roundup – Fortinet, Citrix bugs; another Uber breach; hacking NFTs at Black Hat
John Leyden 16 December 2022 at 17:43 UTC Updated: 19 December 2022 at 14:19 UTC Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and…
#MIWIC2022: Zoë Rose, Canon Europe
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the…
ConnectWise Quietly Patches Flaw That Helps Phishers – Krebs on Security
ConnectWise, which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing…
Meta’s Tricky Quest to Protect Your Account
Meta says it applies the concepts of “adversarial design” to build systems with the assumption that attackers will try to exploit them, rather than ignoring…
Critical vulnerability in Atlassian Products (Jira, Confluence, Trello, BitBucket) allow easy session hijacking
On December 6th, 2022, CloudSEK announced that the firm had been the target of a cyber attack. The internal investigation team discovered throughout the course…
How Do You Know That Access Was Granted in the First Place?
Strong IGA as a strong foundation for Zero Trust Architecture A colleague and I recently had a discussion of Zero Trust Architecture (ZTA). There is…
Data Breach leads to Comcast Customer Data Leak
A few days ago, Comcast hit the news headlines for increasing its service price so much that many of its customers weren’t ready for the…