Cybersecurity Compliance

Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

Voices in the vulnerability management community warned that the lasting issues of the US National Vulnerability Database (NVD) could lead to a major supply chain security crisis. A group of 50 cybersecurity professionals signed an open letter that was sent on April 12 to the US Secretary of Commerce, Gina Raimondo, and several members …

LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

Security researchers have discovered a new vulnerability affecting command-line tools used in cloud environments. Dubbed “LeakyCLI” by the Orca Security team, the flaw exposes sensitive credentials in logs, posing potential risks to organizations utilizing AWS and Google Cloud platforms. The issue mirrors a previously identified vulnerability in Azure CLI (CVE-2023-36052, with a CVSS score …

Report Suggests 93% of Breaches Lead to Downtime and Data Loss

A substantial 93% of enterprises admitting to a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss. This alarming statistic, unveiled by Pentera’s latest research efforts, underscores the escalating challenges organizations face in safeguarding their digital assets against evolving cyber-threats. The report, published today, comprehensively analyzes how enterprises …

Open Source Leaders Warn of XZ Utils-Like Takeover Attempts

The Open Source Security (OpenSSF) and OpenJS Foundations have called on open source maintainers to look out for takeover attempts, after spotting multiple social engineering attacks reminiscent of the recent xz Utils campaign. The OpenJS Foundation Cross Project Council claimed in a new blog post that it recently received a series of suspicious emails …

Palo Alto Networks Zero-Day Flaw Exploited in Targeted Attacks

Palo Alto Networks has detected targeted assaults exploiting a recently unearthed critical zero-day vulnerability within its PAN-OS software, designated CVE-2024-3400 with a CVSS score of 10.0. This flaw enables unauthorized actors to execute arbitrary code with root privileges on affected firewalls. Identified as Operation MidnightEclipse, these targeted attacks have been closely monitored following the …

New LockBit Variant Exploits Self-Spreading Features

A recent incident in West Africa has once again brought attention to the persistent threat posed by the LockBit ransomware. Cybercriminals, armed with stolen administrator credentials, have deployed a customized variant of the encryption malware equipped with self-propagation capabilities. Exploiting privileged access, they breached corporate infrastructure, demonstrating the ongoing risk posed by the leaked …

Russia and Ukraine Top Inaugural World Cybercrime Index

Russia, Ukraine and China harbor the greatest cybercriminal threat, according to the first World Cybercrime Index (WCI). This world-first cybercrime ranking is the result of work by an international team of academic researchers who surveyed 92 leading cybercrime experts and analyzed the results following a scientific methodology. The research project for the World Cybercrime …

Chipmaker Giant Nexperia Confirms Cyber-Attack Amid Ransomware Group C

Global chipmaker giant Nexperia has revealed it suffered a cyber-attack amid reports that ransomware hackers stole sensitive documents and intellectual property from the company. The Chinese-owned firm, headquartered in the Netherlands, confirmed in a statement on April 12 that “an unauthorized third party” accessed certain IT servers in March 2024. “We promptly took action …

CISA Urges Immediate Credential Reset After Sisense Breach

The US Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a breach affecting business analytics provider Sisense and urged its customers to reset their credentials. On April 11, 2024, CISA issued an advisory regarding Sisense customer data being potentially compromised. The agency is “currently collaborating with private industry partners to respond to a recent …