Biztonsági szemle

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-43770 Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are...

The most promising passwordless technology isn't enterprise-ready. Focus on feasible IAM upgrades that will strengthen your security posture until passwordless solutions mature.

A new survey finds that zero-trust efforts frequently go off the rails. We look at what it takes to establish a successful ZT-forward strategy.

Automated patching, scheduling, and reporting can help water utilities offset the challenges presented by legacy OT and ICS systems.

After the US and its allies formally accused China of irresponsible and malicious behavior in cyberspace back in 2021, the government there has been on a mission to cast the US in the same light.

Attackers are breaching cloud environments and playing games with corporate Microsoft 365 apps, and further victims are likely to come.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The unrelated cyberattacks both occurred in January.

Also in this issue: How the SEC's reporting rules are being weaponized, quishing attacks plaguing execs, and tabletop exercises making a comeback.

MacOS data exfiltration malware poses as an update for Visual Studio code editor.

New rewards of $10 million are being offered by the U.S. State Department in exchange for any information regarding the identities or whereabouts of the leaders of the Hive ransomware operation, which had been dismantled in an international law...

Escalating cybersecurity threats against election systems ahead of November's presidential polls have prompted the Cybersecurity and Infrastructure Security Agency to introduce a new program aimed at improving state and local governments' defenses...