Biztonsági szemle

Internet Archive's latest breach was noted by the threat actor to have stemmed from the digital library nonprofit's failure to rotate its authentication tokens.

Initial access in a pair of intrusions part of the attack campaign involved Crypto Ghouls utilizing a VPN and a contractor's login credentials, followed by the exploitation of NSSM and Localtonet for remote access.

Malicious emails alerting of state-sponsored intrusions have been sent to lure organizations' cybersecurity teams into downloading the fraudulent "ESET Unleashed program," which features several ESET DLLs and would enable file and data deletion upon...

Okta brought its partners to Las Vegas for the annual Oktane conference. Here are the highlights.

Security software can be the first line of defense or the last, and the cost of failure is catastrophic. That's why quality is priority zero for Cisco.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability These types of vulnerabilities are frequent attack vectors for...

For CISOs to keep the board apprised of the potential risks from a breach, they’ll need the security equivalent of the GAAP accounting standards.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.

The European Union adopted a new law setting EU-wide cybersecurity requirements for connected devices to ensure their safety.

The experimental SQL Expressions feature contains a flaw due to insufficient query sanitization.

Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.