Aggregator

Sophisticated cyberattackers have now expanded their focus beyond front-end applications.

The post What’s a Software Supply Chain Attack? Examples and Prevention appeared first on Security Boulevard.

Like any good tool, artificial intelligence (AI) boasts a variety of use cases—but just as many risks.

The post NIST AI Risk Management Framework Explained appeared first on Security Boulevard.

Qualcomm warns of 20 flaws in its products, including a potential zero-day vulnerability, in the DSP service that impacts multiple chipsets. Qualcomm addressed 20 vulnerabilities in its products, including a potential zero-day issue tracked as CVE-2024-43047 (CVSS score 7.8). The vulnerability stems from a use-after-free bug that could lead to memory corruption. The zero-day vulnerability […]

科沃斯的 Deebot 扫地机器人会收集客户室内的照片、视频和声音去训练其 AI 模型。该公司表示客户是自愿参加其产品改进计划。但用户通过科沃斯的手机应用选择加入该计划时并不知道机器人会收集哪些数据。科沃斯的隐私政策允许全面收集客户的数据用于研究目的：客户房屋的 2D 或 3D 地图，麦克风记录的语音，摄像头拍摄的照片或视频。科沃斯还表示，客户通过应用删除的数据可能会仍然被它保留和使用。它的扫地机器人被发现存在安全漏洞，允许黑客从远处劫持机器人监视客户。网络安全研究员 Dennis Giese 去年发现一系列基础性的错误，他向该公司报告了问题，对该公司保护客户隐私的能力表示了怀疑。

Европол отчитался о проведении ежегодного полицейского хакатона EMPACT.

A vulnerability was found in Zoho ManageEngine Desktop Central. It has been rated as critical. Affected by this issue is the function getChartImage of the component CewolfServlet/MDMLogUploaderServlet. The manipulation leads to deserialization. This vulnerability is handled as CVE-2020-10189. The attack may be launched remotely. Furthermore, there is an exploit available.

Japanese tech giant Casio has suffered a cyberattack after an unauthorized actor accessed its networks on October 5, causing system disruption that impacted some of its services. [...]

Secureworks reports a 30% increase in active ransomware groups despite law enforcement efforts, with 31 new groups emerging in the past year

Data Theorem launched Code Secure, the latest evolution in application security designed to protect the software supply chain from code to deployment. Code Secure uniquely integrates Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Supply Chain Security capabilities—including Software Bill of Materials (SBOM) management—into a comprehensive product offering. This solution offers application security teams dynamically verified insights into vulnerabilities, open-source dependencies, and the overall software composition, encompassing both first and third-party components. By … More →

The post Data Theorem Code Secure helps security and DevOps teams secure their software appeared first on Help Net Security.

A vulnerability classified as critical was found in ireadercity 100 Books 3.0.2. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-7493. The attack needs to be initiated within the local network. There is no exploit available.

Специалисты дали прогноз на пятилетку в сфере онлайн-торговли.

DAST is an essential part of a nutritious application security diet—not just a once-a-quarter treat.

The post Don’t Treat DAST Like Dessert appeared first on Security Boulevard.

Natural disasters often bring out the best in people, with communities and organizations coming together to help those in need. Unfortunately, they also present opportunities for cybercriminals looking to exploit the chaos for financial gain. With Hurricane Helene and other recent hurricanes affecting Florida, Veriti’s research team has identified several emerging cyber threats targeting vulnerable […]

The post Exploiting Hurricane Helene with FEMA Scams and Phishing Threats  appeared first on VERITI.

The post Exploiting Hurricane Helene with FEMA Scams and Phishing Threats  appeared first on Security Boulevard.

A vulnerability classified as critical has been found in Tejonstore Secretos de belleza 1. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-7492. The attack needs to be done within the local network. There is no exploit available.

Компания уже проводит внутреннее расследование, пытаясь оценить ущерб.

OTAVA introduced the OTAVA S.E.C.U.R.E. Score to help businesses further improve their security posture. The S.E.C.U.R.E. Score is a dynamic metric that assesses vulnerabilities, and makes recommendations on how to close security gaps and minimize risk. The S.E.C.U.R.E. acronym stands for Shrink, Examine, Contain, Undo, Recover, and Evaluate – the incremental steps to understanding areas of vulnerability, and how to protect businesses from evolving and escalating cyber threats. “Businesses continue to face increasing threats of … More →

The post OTAVA S.E.C.U.R.E. Score simplifies cybersecurity strategy for businesses appeared first on Help Net Security.

Malware has been a constant presence in the digital landscape, evolving from simple viruses to sophisticated, multistage attacks that can cripple entire organizations. As businesses grow more dependent on digital infrastructure, threat actors have adapted their techniques to exploit vulnerabilities in complex systems...