-
ReversingLabs adds new context-based secret detection capabilities
ReversingLabs has added new secret detection capabilities to its software supply chain security (SSCS) tool to help developers prioritize remediation with context-based data on secrets. In a development environment, secrets refer to digital authentication credentials used in software components including login credentials, API tokens, and encryption keys. “We are using our knowledge of…
-
3 Ways We’ve Made the CIS Controls More Automation-Friendly
Looking to the future, the CIS Critical Security Controls team has updated the CIS Controls mappings to over 20 security frameworks. […]
-
FBI reveals that more money is lost to investment fraud than ransomware and business email compromise combined
The latest annual FBI report on the state of cybercrime has shown a massive increase in the amount of money stolen through investment scams. Read more in my article on the Hot for Security blog.
-
NetWire Remote Access Trojan Maker Arrested
From Brian Krebs: A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of…
-
Amazon-owned Ring reportedly suffers ransomware attack
Ring, a home security and smart home company owned by Amazon, has reportedly suffered a ransomware attack by Russia-linked ALPHV group, according to a tweet by VX-Underground. The ALPHV ransomware group, also known as BlackCat, has posted the company’s logo on its website along with a message that reads, “There’s always an option to let us…
-
LA Housing Authority Suffers Year-Long Breach
LockBit ransomware group stole data and encrypted files
-
Broken Object Level Authorization: API security’s worst enemy
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. According to the Open Web Application Security Project (OWASP, 2019), broken object-level authorization (BOLA) is the most significant vulnerability confronting modern…
-
UK Crypto Firm Loses $200m in Cyber-Attack
Euler Finance suffered “flash loan” attack
-
MI5 Launches New Agency to Tackle State-Backed Attacks
National Protective Security Authority begins its work
-
Can a quantum algorithm crack RSA cryptography? Not yet
Every CISO has encryption implementation decisions to make at a variety of levels and instances as they sort the support needed for business operations such as production, sales, support, data retention, and communication. These decisions tend to lean heavily on the “ease of use” doctrine and ubiquitousness of the various product offerings being…