SolarWinds fixes critical developer oversight
SolarWinds has issued a hotfix to patch up a security oversight that could allow remote access to sensitive credentials hardcoded in its Web Help Desk (WHD) product. The vulnerability, tracked as...
GitHub fixes critical Enterprise Server bug granting admin privileges
Microsoft-owned source code management platform, GitHub, has rolled out fixes for three vulnerabilities affecting its Enterprise Server product, including a critical one allowing site administrator...
Impact on IT professionals: 10 signs of a bad CSO
If IT employees are dissatisfied, the cause may be poor leadership or an inadequate IT strategy. Companies can generally...
Cybersecurity regulations: How to meet your compliance requirements
As cyber threats increase, so does the number of compliance frameworks. Here is how CISOs can meet this challenge. The requirements of...
Chinese APT group Velvet Ant deployed custom backdoor on Cisco Nexus switches
A Chinese state-sponsored cyberespionage group tracked as Velvet Ant exploited a zero-day vulnerability in Cisco NX-OS earlier this year to deploy a custom malware implant on an organization’s network...
WordPress users not on Windows urged to update due to critical LiteSpeed...
More than five million WordPress sites are at risk of compromise due to a critical flaw in the LiteSpeed Cache plugin discovered in early August, according to researchers at Patchstack. The...
Is the vulnerability disclosure process glitched? How CISOs are being left in...
In its July Patch Tuesday updates, Microsoft fixed a zero-day flaw, CVE-2024-38112 (7.5 CVSS), in Trident, Microsoft’s proprietary browser engine for Internet Explorer. Microsoft called the...
4 questions before the CISO job
The right questions in a job interview can help CISO candidates better assess what might await them at a new employer. The...
To pay or not to pay: CISOs weigh in on the ransomware dilemma
In its “2024 Voice of the CISO” report, Proofpoint found that ransomware remains a top concern among CISOs worldwide. More surprising, however, is how CISOs say their organizations would deal with a...
Researcher discovers exposed ServiceBridge database
Non-password protected databases containing sensitive corporate and personal information continue to be created and left wide open on the internet. The latest example, with over 2TB of invoices and...
10 top anti-phishing tools and services
Phishing continues to be one of the primary attack mechanisms for bad actors with a variety of endgames in mind, in large part because phishing attacks are trivial to launch and difficult to fully...
Bug bounty programs take root in Russia — with possible far-reaching...
Russia’s 2022 invasion of Ukraine and subsequent international sanctions against Moscow and Minsk are having serious repercussions for the cybersecurity ecosystem in Russia. The withdrawal of Western...
Google says a critical Chrome bug was exploited after a patch was released
Google is warning Chrome users of a critical vulnerability being actively exploited in the wild even after a patch was available. The vulnerability, tracked as CVE-2024-7965, is an inappropriate...
The Role of AI in Email Security: Beyond Phishing Detection
Artificial Intelligence (AI) has long been recognized for its role in detecting phishing attempts, but its capabilities extend far beyond that. With the rise of sophisticated cyber threats, AI has...
Telegram founder’s arrest raises anxiety about future of end-to-end encryption
Days on from the weekend arrest of Telegram founder and CEO Pavel Durov in France, the tech industry is still trying to make sense of what this event means for the future of app privacy. To Durov’s...
China’s Volt Typhoon exploits Versa zero-day to hack US ISPs and IT firms
State-sponsored Chinese hackers exploited a zero-day vulnerability in Versa Director, a software platform for managing SD-WAN infrastructure used by internet service providers (ISPs) and managed...
What is OWASP? A standard bearer for better web application security
Originally formed as the Open Web Application Security Project and incorporated as a nonprofit charity in 2004, OWASP provides impartial advice on best practices and promotes the creation of open...
How not to hire a North Korean IT spy
CISOs looking for new IT hires already struggle with talent market shortages and bridging cybersecurity skills gaps. But now they face a growing challenge from an unexpected source: sanctions-busting...
Critical plugin flaw opens over a million WordPress sites to RCE attacks
A critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites....
Cisco snaps up AI security player Robust Intelligence
Cisco on Tuesday announced plans to acquire Robust Intelligence, a security startup with a platform designed to protect AI models and data throughout the development-to-production lifecycle. It’s...