Researchers from industrial cybersecurity firm Claroty and developer security company Snyk have analyzed more than a dozen URL parsing libraries and showed how inconsistencies can lead to various types of vulnerabilities. Industrial organizations have been advised not to ignore these findings.
The U.S. State Department and the National Counterintelligence and Security Center (NCSC) on Friday issued a warning over the use of commercial surveillance tools.
With eyes firmly set on the booming attack surface management space, threat intel powerhouse Recorded Future is shelling out $65 million to purchase SecurityTrails, a startup that helps organizations keep track of internet-facing assets.
A large-scale, long-term phishing experiment conducted in a 56,000-employee organization has come to a startling conclusion: Those simulated phishing tests commonly seen in corporate user-education campaigns are actually making things much worse.
French video game company Ubisoft this week confirmed that ‘Just Dance’ user data was compromised in a recent cybersecurity incident.
The data breach was the result of a misconfiguration that has since been corrected, but not before player data was accessed and potentially copied by a third party.
China’s Ministry of Industry and Information Technology (MIIT) said it will temporarily suspend its collaboration with Alibaba Cloud as a cyber threat intelligence partner due to the fact that the company did not inform the government first about the discovery of the Log4Shell vulnerability, according to local media reports.
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
Current security technology stacks are not keeping up with the increasing scale and sophistication of attacks
The widely used Log4j logging tool is affected by a critical remote code execution vulnerability that has been increasingly exploited by malicious actors, including profit-driven cybercriminals and state-sponsored groups.
