Biztonsági szemle

Microsoft warns that ransomware group Storm-0501 has shifted from buying initial access to leveraging weak credentials to gain on-premises access before moving laterally to the cloud.

On the first night of BlackHat USA, I made conversation with a few friendly penetration testers who were perplexed when I told them I was a developer. Why would I be at a cybersecurity conference? …What was I hoping to get out of it? My general (and...

The threat actors managed to gain access to Sen. Ben Cardin (D-Md.) by posing as a Ukrainian official, before quickly being outed.

By combining agility with compliance, and security with accessibility, businesses will treat their data as a well-prepared traveler, ready for any adventure.

While the legislation has been opposed by Google and OpenAI due to additional burdens, such disapproval from Newsom has been regarded by bill sponsor Sen. Scott Wiener to be a step back in AI regulations.

Check Point Research researchers discovered that installation of the fake WalletConnect app triggers a wallet connection request and the stealthy activation of the MS Drainer toolkit, which then conducts token and NFT scanning and exfiltration...

Passwords should never be kept in plaintext due to potential exploitation, according to Irish DPC Deputy Commissioner Graham Doyle. Meanwhile, Meta noted the prompt remediation of the security issue.

All NVIDIA Container Toolkit versions up to 1.16.1 and GPU Operator instances up to version 24.6.1 are impacted by the flaw, which stems from the absence of secure containerized GPU isolation from the host that exposes sensitive host file system and...

Attacks involved the distribution of malicious Russian-language HTML files impersonating TrueConf and VK Messenger apps, which when opened stealthily downloads a password-protected ZIP file with a nested RarSFX archive that launches DCRat.

Bounties of up to $10 million have also been introduced by the U.S. State Department for any information about the hackers — who were noted by a joint federal statement to have shared stolen Trump campaign materials with individuals previously linked...

With Microsoft AD being mostly targeted via Kerberoasting, AS-REP roasting, and password spraying attacks, as well as Microsoft Entra Connect, GPP password, MachineAccountQuota, and certificate service compromise, organizations should leverage...

Productivity has a downside: A shocking number of employees share sensitive or proprietary data with the generational AI platforms they use, without letting their bosses know.