Aggregator

近日，一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。

Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points. [...]

A vulnerability, which was classified as problematic, was found in Google Nearby. Affected is an unknown function of the component Quickshare. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2024-10668. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Threat actors are becoming increasingly creative, using vulnerabilities to infiltrate organizations in ways that might not immediately raise alarms. Veriti’s research team recently discovered a targeted email campaign utilizing CVE-2024-38213, cleverly disguised to appear associated with the Gas Infrastructure Europe (GIE) Annual Conference in Munich. By taking advantage of this vulnerability, attackers managed to bypass […]

The post CVE-2024-38213: From Crumbs to Full Compromise in a Stealthy Cyber Attack  appeared first on VERITI.

The post CVE-2024-38213: From Crumbs to Full Compromise in a Stealthy Cyber Attack  appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, has been found in Jetpack Plugin on WordPress. This issue affects some unknown processing of the component REST Endpoint. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2024-9926. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

AppOmni announced a partnership that combines the company’s Zero Trust Posture Management (ZTPM) solution with Cisco’s Security Service Edge (SSE) technology suite.

The post AppOmni and Cisco Partner to Extend SaaS Security with End-to-End Zero Trust From Endpoint to the Application appeared first on AppOmni.

The post AppOmni and Cisco Partner to Extend SaaS Security with End-to-End Zero Trust From Endpoint to the Application appeared first on Security Boulevard.

Stop chasing false positives in your self-hosted instances. With GitGuardian's custom host for validity checks, security teams get real-time insights to prioritize active threats, reduce noise, and prevent costly breaches.

The post Prevent Security Breaches in Self-Hosted Environments with GitGuardian’s Custom Host for Validity Checks appeared first on Security Boulevard.

A vulnerability classified as problematic was found in Safe SVG Plugin up to 2.2.5 on WordPress. This vulnerability affects the function wp_handle_upload. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-8378. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Всего один звонок, и ваши данные – больше не ваши.

Valid card data is highly sought-after on the cybercrime underground. In fact, it’s helping to drive a global epidemic in payment fraud predicted to reach $40bn by 2026. In a bid to stem losses, the card industry created the Payment Card Industry Data Security Standard (PCI DSS) over two decades ago. No organization that processes, transmits or stores card data can afford to ignore it. Yet compliance can be onerous.

The post A Beginner’s Guide to PCI DSS 4.0: Requirements 1-4 appeared first on Security Boulevard.

CloudShovel是一款针对AMI的敏感信息泄露检测与保护工具，可以在公共或私有 Amazon 系统映像 (AMI) 中搜索是否存在敏感信息泄露的情况。

As organizations prioritize IT security and efficiency, the concept of "shifting left" has gained momentum across both security and service management. Traditionally, many IT security and IT Service Management (ITSM) practices have focused on reactive measures—identifying and remediating issues after they arise post-event. However, with the rapid shift toward DevSecOps and a need for proactive protection and resiliency in a complex threat landscape, the "shift left" paradigm is empowering teams to address security and compliance from the beginning of the software development and operations cycle. 

The post Shifting Left for Proactive IT Security and ITSM appeared first on Security Boulevard.

Операция длилась месяцы, пока её следы не обнаружили спецслужбы.

Fortinet announced the expansion of GenAI capabilities across its product portfolio with the launch of two new integrations with FortiAI, Fortinet’s AI-powered security assistant that uses GenAI to guide, simplify, and automate security analyst activities. “Our commitment to AI innovation is reflected in our expansion of generative AI, which now enhances seven different products across our portfolio,” said John Maddison, CMO at Fortinet. “By integrating FortiAI in such a broad range of solutions, we’re equipping … More →

The post Fortinet expands GenAI capabilities across its portfolio with two new additions appeared first on Help Net Security.

Establishing realistic, practitioner-driven processes prevents employee burnout, standardizes experiences, and closes many of the gaps exposed by repeated one-offs.

GenAI has become more prevalent, making it essential for security teams to know which threat adversaries are using GenAI, and how exactly they are using it. Recognized AI threat researcher and expert Rachel James collaborated with Tidal Cyber to add the latest weekly threat intelligence content to the Tidal Cyber knowledge base.

The post Adversary AI Threat Intelligence Content Added to the Tidal Cyber Knowledge Base appeared first on Security Boulevard.

Malwarebytes announced the acquisition of AzireVPN, a renowned privacy-focused VPN provider. Malwarebytes has long been a defender of user privacy through its portfolio of consumer solutions, including Malwarebytes Privacy VPN and its free ad and scam blocker web extension Malwarebytes Browser Guard. This acquisition further supports the company’s mission to reimagine consumer cybersecurity to protect devices and data, no matter where users are located, how they work and play, or the size of their wallet. … More →

The post Malwarebytes acquires AzireVPN to boost security for customers appeared first on Help Net Security.

Permiso today made available three additional tools under an open-source license that make it simpler to secure cloud computing environments.

The post Permiso Adds Three More Open Source Cybersecurity Tools appeared first on Security Boulevard.