Biztonsági szemle

In its latest Windows preview, Microsoft adds a feature — Administrator Protection — designed to prevent threat actors from easily escalating privileges and restrict lateral movement.

Fidelity maintains that there’s no indication of a ransomware incident – and that no funds were stolen.

When employees and leaders engage with CISOs early in innovation projects, security concerns are addressed proactively, building trust and ensuring innovation and security coexist.

Vulnerability prioritization has evolved over the years. Several frameworks exist to help organizations make the right decisions when it comes to deciding which patches to apply and when. But are these better than a Magic 8 Ball?

Aside from featuring over 40 million signals from the DNS Research Federation's data platform and the Global Anti-Scam Alliance's comprehensive stakeholder network, the Global Signal Exchange will also contain more than 100,000 bad merchant URLs and...

Such breaches, which were pinned on the dismal security measures of Marriott and subsidiary Starwood Hotels & Resorts, resulted in the exfiltration of individuals' email addresses, birthdates, and other personal details, as well as their passport...

Most serious of the resolved vulnerabilities was the critical OS command injection issue, tracked as CVE-2024-9463, which could be exploited to expose firewalls' usernames, cleartext passwords, API keys, and configurations.

Included in the 6.4 GB SQL database were Internet Archive members' email addresses, usernames, Bcrypt-hashed passwords and password change timestamps, as well as other internal details as recent as September 28, when the attack was believed to have...

While some threat actors established fraudulent disaster relief websites as part of phishing attacks aimed at exfiltrating financial details and Social Security numbers from individuals seeking aid, others impersonated Federal Emergency Management...

Malicious GitHub pages and YouTube videos containing links for purported cracked office software, automated trading bots, and game cheats, have been leveraged to facilitate the download of self-extracting password-protected archives.

While threat actors continued to impersonate employers on job search platforms to lure software developers into participating in an online interview that would be followed by BeaverTail malware compromise, more recent attacks entailed the deployment...

Threat actors leveraged social engineering techniques to lure targets into executing a malicious MSI installer-spoofing LNK file that would run an obfuscated script, which ensures persistence and downloads the VSCode command-line interface in the...