Security and data analytics company Sumo Logic disclosed a security breach after discovering that its AWS (Amazon Web Services) account was compromised last week. The company detected evidence of the
Atlassian reassessed the severity rating of the recent improper authorization vulnerability in Confluence Data Center and Server, raising the CVSS score from 9.1 to a maximum of 10. The company overha
Microsoft has made fresh commitments to harden the security of its software and cloud services after a year in which numerous members of the global infosec community criticized the company's tech defe
The great thing about the security industry is it’s made up of a variety of roles and people from many backgrounds, disciplines, skill sets and lived experiences. Let’s take a look at some of these -
FTC Expands Financial Data Breach Reporting Requirements https://www.databreachtoday.com/
Written by Gary DeMercurio of Caliber Security Partners, reposted from LinkedIn Out of 1,000 employees, statistically, 162 of them will allow an attacker into your company. About a week ago, someone s
Mark Curphey, Co-Founder, Crash Override. Published Oct 26, 2023. I am an old git. I am 54. Yes, I do look much younger, thanks for noticing. If you are an old git like me, th
Update October 20, 16:15 EDT: Added BeyondTrust incident details.
Update October 20, 18:59 EDT: Added Cloudflare incident details.
Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen…
1Password, a password manager used by millions of people and more than 100,000 businesses, said it detected suspicious activity on a company account provided by Okta, the identity an
Welcome to The Cybersecurity 202! My cat Julius “Jules” Jonas Jonah Jameson has been extra-angelic of late. He’s always superb, but he’s just on another level of awesomeness recently. Was this forward
UK’s financial watchdog FCA imposes a £11 million (approximately $13.5 million) fine to Equifax over the 2017 data breach. October 16, 2023. The British watchdog Financial
Yomiuri Shimbun file photo: Digital minister Taro Kono. 17:52 JST, October 17, 2023. Japan has joined an international framework backed by cyber powers, including the United States, the
Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer suppo
Published in Starting Up Security · 7 min read · Oct 9, 2023. The Exploit Prediction Scoring system (EPSS) is great. You might like it, too, if you deal with large amounts of vulnerabilities. The Hand
Discord continues to be a breeding ground for malicious activity by hackers and now APT groups, with it commonly used to distribute malware, exfiltrate data, and targeted by threat actors to steal aut
Miragec/Getty Images. Google has been caught hosting a malicious ad so convincing that there’s a decent chance it has managed to trick some of the more security-savvy users who encountered it.
Your weekly dose of Seriously Risky Business news is written by Tom Uren and edited by Patrick Gray. It's supported by the Cyber Initiative at the Hewlett Foundation and this week's edition is brought
In 2021, I performed a security audit of The Squid Caching Proxy. Squid is by far the most well known open-source forwarding HTTP proxy, and is used in many contexts, like corporations that want to fi
PROGRAM DESCRIPTION The Microsoft AI bounty program invites security researchers from across the globe to discover vulnerabilities in the new, innovative, Microsoft Copilot. Qualified submissions are
So I did it again. Proving I’m the most incompetent Security Hero EVER, I committed eight different access keys to a public GitHub repository for eight different AWS Accounts. What is fascinating is t
In association with the release of curl 8.4.0, we publish a security advisory and all the details for CVE-2023-38545. This problem is the worst security problem found in curl in a long time. We set it
Hundreds of GitHub repositories have been targeted by a threat actor masked as the GitHub platform’s Dependabot feature to install password-stealing malware. The threat actor targeted website projects
The 10 Biggest Cyber Security Trends In 2024 Everyone Must Be Ready For Now Adobe Stock By the end of the coming year, the cost of cyber attacks on the global economy is predicted to top $10.5 trillio
James Kettle, Director of Research @albinowax. Published: 14 June 2023 at 13:09 UTC. Updated: 14 June 2023 at 13:1
In an email, a Microsoft representative said the engineer’s account was compromised using “token-stealing malware” but didn’t elaborate on how it got installed, if other corporate accounts were hacked
UPDATE: Microsoft performed a comprehensive technical investigation into the acquisition of the Microsoft account consumer signing key, including how it was used to access enterprise email. Our techni
A series of unfortunate and cascading mistakes allowed a China-backed hacking group to steal one of the keys to Microsoft’s email kingdom that granted near unfettered access to U.S. government inboxes
March 12, 2024 update As part of our continued commitment to transparency and trust outlined in Microsoft’s Secure Future Initiative, we are providing further information as it relates to our ongoing
Unless you’re doing continuous or quarterly budgeting, which some organizations do, then you’ll no doubt be getting ready for the long haul of the annual budget process to seek the resources you need
IT giant Ivanti is advising some customers to make changes to dodge a new zero-day vulnerability affecting one of its products. On Monday, the company warned of a bug in its Sentry security product th
How often when you use an ATM, payment terminal, or gas pump do you wonder “Is my card information safe?” I know I ask myself that every time I swipe or insert my card. Research by FICO shows that mor
Why We Hack Purple and I are joining Semgrep. Why I'm choosing Semgrep, and what the future will hold for the AppSec Community. When I started
By Jay Jacobs. “Infosec twitter” has been used to describe the vibrant, active and often enthusiastic community of security practitioners working in and around the industry. It’s been a source of insigh
Photo: Suzanne Cordeiro/Getty Images More than three years after Russian hackers compromised SolarWinds and embedded a backdoor in its premier software product, the Securities and Exchange Commission
By Florian Noeding, Principal Security Architect. Published in Adobe Tech Blog · 6 min read · Jun 22, 2023. In order to remediate security vulnerabilities efficiently, they should be identified and mit
The catch-phrase "shift left" has reached peak assimilation in the application security ethos as security pundits, DevOps strategists, app sec pros, and plenty of promoters of the concept have grabbed
This article is cross posted to LinkedIn here for comments and discussions. With my newfound passion to root out security myths and look for facts based on data, lots of things are catching my eye. Th
We run a newsletter that is sent roughly once a week, with additional commentary, news about our upcoming open-source projects, and things happening at the company. You can sign up at www.crashoverride