The Ultimate SaaS Security Posture Management Checklist, 2025 Edition
Since the first edition of The Ultimate SaaS Security Posture Management (SSPM) Checklist was released three years ago, the corporate SaaS sprawl has been growing…
Category: TheHackerNews
GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack
Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what’s called a…
MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks
May 22, 2024NewsroomVulnerability / Data Breach An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in…
Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings
May 22, 2024NewsroomEncryption / Quantum Computing Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support…
QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances
May 22, 2024NewsroomData Security / Vulnerability Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some…
Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass
May 22, 2024NewsroomEnterprise Security / Vulnerability Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of…
Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
May 21, 2024NewsroomVulnerability / Software Development GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could…
Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users
May 21, 2024NewsroomCloud Security / Data Security A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google Drive and…
SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure
May 21, 2024NewsroomData Breach / Malware The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown…
Streamlining IT Security Compliance Using the Wazuh FIM Capability
File Integrity Monitoring (FIM) is an IT security control that monitors and detects file changes in computer systems. It helps organizations audit important files and…
Five Core Tenets Of Highly Effective DevSecOps Practices
One of the enduring challenges of building modern applications is to make them more secure without disrupting high-velocity DevOps processes or degrading the developer experience.…
Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox
May 21, 2024NewsroomSupply Chain Security / AI Model A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by…