Biztonsági szemle

Security Affairs reports that cloud tenants in the education industry have been targeted by the Storm-1977 threat operation in password spraying attacks that facilitated cryptomining activities during the past 12 months.

Initial access broker ToyMaker has been providing Cactus ransomware gang and other double extortion threat operations access to compromised systems, The Hacker News reports.

TikTok had its user database claimed to have been stolen by the R00TK1T hacking collective, which has already posted a sample of credentials belonging to 972,000 users, according to GBHackers News.

Attackers are leveraging the benefits of new technology and the availability of commodity tools, credentials, and other resources to develop sophisticated attacks more quickly than ever, putting defenders on their heels.

Security teams are under more pressure than ever — and cybersecurity debt is adding fuel to the fire. While it can't be eliminated overnight, it can be managed.

The Department of Justice announced compliance rules for the Data Security Program that will require organizations to reexamine how they do business and with whom.

An indisputable security use case for ChatGPT: scouring open-source changelogs for undisclosed vulnerability patches.

The malicious service is advertised to evade detection and closely mimic a real login page.

Attackers observed exploiting vulnerability in SAP's NetWeaver Visual Composer product.

Emerging identity and access management tools and approaches will be a hot topic this year.

An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?