In association with the release of curl 8.4.0, we publish a security advisory and all the details for CVE-2023-38545. This problem is the worst security problem found in curl in a long time. We set it
Hundreds of GitHub repositories have been targeted by a threat actor masked as the GitHub platform’s Dependabot feature to install password-stealing malware. The threat actor targeted website projects
The 10 Biggest Cyber Security Trends In 2024 Everyone Must Be Ready For Now Adobe Stock By the end of the coming year, the cost of cyber attacks on the global economy is predicted to top $10.5 trillio
Burp Suite Enterprise Edition is now available in our secure Cloud – Learn more Articles James Kettle Director of Research @albinowax Published: 14 June 2023 at 13:09 UTC Updated: 14 June 2023 at 13:1
In an email, a Microsoft representative said the engineer’s account was compromised using “token-stealing malware” but didn’t elaborate on how it got installed, if other corporate accounts were hacked
UPDATE: Microsoft performed a comprehensive technical investigation into the acquisition of the Microsoft account consumer signing key, including how it was used to access enterprise email. Our techni
A series of unfortunate and cascading mistakes allowed a China-backed hacking group to steal one of the keys to Microsoft’s email kingdom that granted near unfettered access to U.S. government inboxes
March 12, 2024 update As part of our continued commitment to transparency and trust outlined in Microsoft’s Secure Future Initiative, we are providing further information as it relates to our ongoing
Unless you’re doing continuous or quarterly budgeting, which some organizations do, then you’ll no doubt be getting ready for the long haul of the annual budget process to seek the resources you need
IT giant Ivanti is advising some customers to make changes to dodge a new zero-day vulnerability affecting one of its products. On Monday, the company warned of a bug in its Sentry security product th
How often when you use an ATM, payment terminal, or gas pump do you wonder “Is my card information safe?” I know I ask myself that every time I swipe or insert my card. Research by FICO shows that mor
BlogannouncementsWhy We Hack Purple and I are joining Semgrep announcements Why I'm choosing Semgrep, and what the future will hold for the AppSec Community. Subscribe to our blog Share When I started
By Jay Jacobs“Infosec twitter” has been used to describe the vibrant, active and often enthusiastic community of security practitioners working in and around the industry. It’s been a source of insigh
Photo: Suzanne Cordeiro/Getty Images More than three years after Russian hackers compromised SolarWinds and embedded a backdoor in its premier software product, the Securities and Exchange Commission
By Florian Noeding, Principal Security Architect Published inAdobe Tech Blog · 6 min read· Jun 22, 2023 -- In order to remediate security vulnerabilities efficiently, they should be identified and mit
The catch-phrase "shift left" has reached peak assimilation in the application security ethos as security pundits, DevOps strategists, app sec pros, and plenty of promoters of the concept have grabbed
This article is cross posted to LinkedIn here for comments and discussions. With my newfound passion to root out security myths and look for facts based on data, lots of things are catching my eye. Th
We run a newsletter that is sent roughly once a week, with additional commentary, news about our upcoming open-source projects, and things happening at the company. You can signup at www.crashoverride
This article is cross posted on LinkedIn for comments and discussion . The vast majority of developers don’t care about security. That’s a fact in my opinion, and it has been the same since I started
The developer used information it had gathered about a prevelant third-party cheating software to catch and punish players using it red-handed. Image: Valve Over 40,000 Dota 2 accounts have been perma
It is frustrating for cybersecurity vendors when conferences attain the status of “must attend.” They are extremely expensive to exhibit at and the ROI is often difficult to measure. In my experience
The University of Zurich, Switzerland’s largest university, announced on Friday it was the target of a “serious cyberattack,” which comes amid a wave of hacks targeting German-speaking institutions. T
This article is cross posted here on LinkedIn for discussion and comments. In the CSO interviews , I explained that we heard from CSO’s that they want less tools not more. I also explained that we hea
In the old days, security teams were all about protecting the code, written ‘in house’, that powered the features of their software. The dawn of SAST. We called it appsec. Along came open source, and
Published 26 January Share page About sharing Image source, DoJ Image caption, Deputy Attorney General Lisa O Monaco described the operation as a 21st Century cyber stakeout By Joe Tidy Cyber reporter
This article is crossposted to LinkedIn here for comments and discussions. Ever since I started OWASP and it suddenly took off, I have been fascinated by what makes some things rise up. In recent year
Edit Article 03/03/2023 In this article The original immutable laws of security (v2 updated below) identified key technical truths that busted prevalent security myths of those times. In that spirit,
Canada’s aviation system was briefly hit with a computer outage just hours after issues with the same system forced the United States’ Federal Aviation Administration to bring air traffic to a standst
Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at w
Breaking RSA with a Quantum Computer A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take
I don’t think I can resist making the analogy. It’s just too obvious, and the chance for witty humor and snarky commentary is just too great of a draw for my reptilian brain. If you haven’t seen the m
A critical vulnerability in the Ghost CMS newsletter subscription system could allow external users to create newsletters or modify existing ones so that they contain malicious JavaScript. Such an act
Password manager giant LastPass has confirmed that cybercriminals stole its customers’ encrypted password vaults, which store its customers’ passwords and other secrets, in a data breach earlier this
Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other service
Image Credit: hareluya/Shutterstock Cybersecurity is a high-stakes game. With the average data breach costing $4.35 million, security analysts are under constant pressure to protect critical data asse
Infosys has a lot to say about security You can check out their website for a lot of buzwords , but it’sclear from all the stock photos that they take security Very Seriously Indeed ™️. However, from
Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub repositories were hacked this month. According to a 'confidential'
U.S. World Russia-Ukraine War Latin America Europe Africa Middle East Asia Pacific U.S. News Australia China Politics Joe Biden Election 2024 Congress Video Spotlight Entertainment Movie reviews Book
Your weekly dose of Seriously Risky Business news is written by Tom Uren , edited by Patrick Gray with help from Catalin Cimpanu . It's supported by the Cyber Initiative at the Hewlett Foundation and
Keith Hoodlet