Biztonsági szemle

AppSec is hard for traditional software development, let alone citizen developers. So how did two people resolve 70,000 vulnerabilities in three months?

In an incident with direct parallels to the recent Ticketmaster compromise, an Aussie live events giant says it was breached via a third-party cloud provider, as ShinyHunters takes credit.

The settlement between the SEC and the owner of the New York Stock Exchange is a critical reminder of the vulnerabilities within financial institutions' cybersecurity frameworks as well as the importance of regulatory oversight.

Hunting for configuration files is one of the favorite tricks we typically see used against our honeypots. Traditionally, standard and more generic configuration files like ".env" or ".config" are the target, with some cloud-specific configuration...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Version 4.01 of Sysinternals' Process Monitor (procmon) was released (just one day after the release of version 4.0).

After Sept. 29, 2024, organizations and individuals that continue using the vendor's products will no longer receive any updates or support.

Government ministries keep falling victim to relatively standard-fare cyber-espionage attacks, like this latest campaign with hazy Chinese links.

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Inside China's civilian hacker army; outer space threats; and NIST 2.0 Framework secrets for...