Investment May Be Down, but Cybersecurity Remains a Hot Sector
There’s still a great deal of capital available for innovative companies helping businesses secure their IT environments.
Checkmarx Announces GenAI-powered AppSec Platform, Empowering Developers and AppSec Teams to Find and Fix Vulnerabilities Faster
Powered by GPT-4, innovative new AI-driven capabilities lower application security (AppSec) risk and help security teams “shift everywhere” with speed and accuracy.
New eID Scheme Gives EU Citizens Easy Access to Public Services Online
The European Commission voted a new electronic identification scheme that creates new opportunities for EU citizens and businesses.
Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining
A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center (ISC), which detected a spike in HTTP requests for “/nifi” on May 19, 2023. “Persistence is achieved via timed processors or entries to […]
Mirai Variant Opens Tenda, Zyxel Gear to RCE, DDoS
Researchers have observed several cyberattacks leveraging a botnet called IZ1H9, which exploits vulnerabilities in exposed devices and servers running on Linux.
Focus Security Efforts on Choke Points, Not Visibility
By finding the places where attack paths converge, you can slash multiple exposures in one fix for more efficient remediation.
Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices
Cybersecurity researchers have found “backdoor-like behavior” within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged and addressed the issue. “Most Gigabyte firmware includes a Windows
Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities
Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data. Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources “ghost sites.” “When these Communities are no longer needed, though, they are often set aside but not deactivated,” Varonis
Microsoft Details Critical Apple macOS Vulnerability Allowing SIP Protection Bypass
Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed Migraine and tracked as CVE-2023-32369 – could be abused to get around a key security measure called System Integrity Protection […]
6 Steps to Effective Threat Hunting: Safeguard Critical Assets and Fight Cybercrime
Finding threat actors before they find you is key to beefing up your cyber defenses. How to do that efficiently and effectively is no small task – but with a small investment of time, you can master threat hunting and save your organization millions of dollars. Consider this staggering statistic. Cybersecurity Ventures estimates that cybercrime […]
