Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164)
Attackers are trying to leverage public proof-of-exploit (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache...
Read more →Category: HelpnetSecurity
Cybercrime operation that sold millions of fraudulent Microsoft accounts disrupted
Microsoft disrupted an alleged threat actor group that built viable cybercrime-as-a-service (CaaS) businesses. Dubbed Storm-1152 by Microsoft, the group bilked...
Read more →
GuardRail: Open-source tool for data analysis, AI content generation using OpenAI GPT models
GuardRail OSS is an open-source project delivering practical guardrails to ensure responsible AI development and deployment. GuardRail: Tailored to an...
Read more →
Digital ops and ops management security predictions for 2024
CISOs don’t need a crystal ball – they already know that 2024 will be another tough year, especially with AI...
Read more →
Microsoft ICSpector: A leap forward in industrial PLC metadata analysis
Microsoft ICSpector is an open-source forensics framework that enables the analysis of industrial PLC metadata and project files. Architecture The...
Read more →
Organizations prefer a combination of AI and human analysts to monitor their digital supply chain
The number of cyber breaches targeting organizations’ supply chains continues to rise, with an average 4.16 breaches reported to be...
Read more →
SAFE Materiality Assessment Module identifies top cyber risk scenarios
Safe Security announced its new SAFE Materiality Assessment Module, enabling security and risk leaders to achieve SEC compliance by estimating...
Read more →
Attackers abuse OAuth apps to initiate large-scale cryptomining and spam campaigns
Attackers are compromising high-privilege Microsoft accounts and abusing OAuth applications to launch a variety of financially-motivated attacks. Abusing OAuth applications...
Read more →
Drata unveils Third-Party Risk Management offering to help security teams identify risks
Drata announced its Third-Party Risk Management (TPRM) offering, empowering customers to identify, evaluate, and monitor third-party risks in one centralized...
Read more →
EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)
Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively...
Read more →
Which cybersecurity controls are organizations struggling with?
How are organizations performing across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework? A recent analysis by Bitsight...
Read more →
Guide: Application security posture management deep dive
Distinguishing real, business-critical application risks is more challenging than ever. A siloed, ad hoc approach to AppSec generates noisy false...
Read more →