Biztonsági szemle

The integration of Entra Identity offerings with new security service edge (SSE) services to provide unified conditional access is seeking enterprise approval.

Choosing the right remote work systems for your SMB is easy. We have a large list of customizable solutions that can keep your teams connected and secure.

Remember when hackers used to write their own malware? Kids these days don't want to work, they just want freely available tools to do it for them.

Companies need robust cyber-response plans and a straightforward path to transparency.

While the new policy could be adopted based on Snowflake customers' preferences, OAuth and other key-pair authentication systems are still recommended for service users.

Organizations affected by the breach have been urged by security researcher and former Microsoft employee Kevin Beaumont to be vigilant of the emails, which were not sent in adherence to the Microsoft 365 breach process.

Attackers could exploit the flaw, which stemmed from inadequate CSRF protections primarily in SkillTree endpoints for state-changing operations, to spread misinformation and prompt training disruptions.

GitLab has issued a fix for the critical flaw in GitLab Community Edition and Enterprise Edition software, tracked as CVE-2024-6385, which could be leveraged for arbitrary pipeline job execution.

Further investigation of the leaked 38 TB dataset revealed links to another storage repository with 89,475 records belonging to backend technology provider Legal Connect, which shares the same parent firm as Rapid Legal.

Fraudulent JPG files have also been leveraged by ViperSoftX to deploy AutoIT scripts and the AutoIT executable, along with PowerShell scripts.

Data from 2,047 Microsoft employees has been exposed, including full names, job titles, direct and corporate phone numbers, email addresses, LinkedIn profile links, city, state, and country addresses, and company phone numbers.

Attacks by Kimsuky commenced with the distribution of Japanese security and diplomatic organization-spoofing phishing emails with a malicious ZIP file.