Aggregator

Dashlane launched Credential Risk Detection, a solution that continuously monitors and detects at-risk credential activity in real-time across the workforce, whether employees use a password manager or not. The web extension-based solution is the latest Dashlane innovation that shifts credential security from passive defense to proactive protection, enabling enterprises to prevent credential-based breaches, rather than react to them. IT and security teams can’t secure what they can’t see. And while organizations and their users have … More →

The post Dashlane Credential Risk Detection prevents credential-based breaches appeared first on Help Net Security.

Trend Micro revealed today it will extend an alliance with NVIDIA to include a Morpheus platform that harnesses graphical processor units (GPUs) to apply artificial intelligence (AI) to security operations.

The post Trend Micro Extends NVIDIA Cybersecurity Alliance to Detect Threats in Real Time appeared first on Security Boulevard.

Company leadership needs to ensure technology teams are managing continuous monitoring, automated testing, and alignment with business needs across their enterprise.

虽然 MFA 等安全措施看起来很安全，但很明显，攻击者可以用相对简单的工具攻破它们。

嘶吼将举办2024年网络安全“金帽子”评选活动。

Sophisticated cyberattackers have now expanded their focus beyond front-end applications.

The post What’s a Software Supply Chain Attack? Examples and Prevention appeared first on Security Boulevard.

Like any good tool, artificial intelligence (AI) boasts a variety of use cases—but just as many risks.

The post NIST AI Risk Management Framework Explained appeared first on Security Boulevard.

Qualcomm warns of 20 flaws in its products, including a potential zero-day vulnerability, in the DSP service that impacts multiple chipsets. Qualcomm addressed 20 vulnerabilities in its products, including a potential zero-day issue tracked as CVE-2024-43047 (CVSS score 7.8). The vulnerability stems from a use-after-free bug that could lead to memory corruption. The zero-day vulnerability […]

科沃斯的 Deebot 扫地机器人会收集客户室内的照片、视频和声音去训练其 AI 模型。该公司表示客户是自愿参加其产品改进计划。但用户通过科沃斯的手机应用选择加入该计划时并不知道机器人会收集哪些数据。科沃斯的隐私政策允许全面收集客户的数据用于研究目的：客户房屋的 2D 或 3D 地图，麦克风记录的语音，摄像头拍摄的照片或视频。科沃斯还表示，客户通过应用删除的数据可能会仍然被它保留和使用。它的扫地机器人被发现存在安全漏洞，允许黑客从远处劫持机器人监视客户。网络安全研究员 Dennis Giese 去年发现一系列基础性的错误，他向该公司报告了问题，对该公司保护客户隐私的能力表示了怀疑。

Европол отчитался о проведении ежегодного полицейского хакатона EMPACT.

A vulnerability was found in Zoho ManageEngine Desktop Central. It has been rated as critical. Affected by this issue is the function getChartImage of the component CewolfServlet/MDMLogUploaderServlet. The manipulation leads to deserialization. This vulnerability is handled as CVE-2020-10189. The attack may be launched remotely. Furthermore, there is an exploit available.

Japanese tech giant Casio has suffered a cyberattack after an unauthorized actor accessed its networks on October 5, causing system disruption that impacted some of its services. [...]

Secureworks reports a 30% increase in active ransomware groups despite law enforcement efforts, with 31 new groups emerging in the past year

Data Theorem launched Code Secure, the latest evolution in application security designed to protect the software supply chain from code to deployment. Code Secure uniquely integrates Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Supply Chain Security capabilities—including Software Bill of Materials (SBOM) management—into a comprehensive product offering. This solution offers application security teams dynamically verified insights into vulnerabilities, open-source dependencies, and the overall software composition, encompassing both first and third-party components. By … More →

The post Data Theorem Code Secure helps security and DevOps teams secure their software appeared first on Help Net Security.

A vulnerability classified as critical was found in ireadercity 100 Books 3.0.2. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-7493. The attack needs to be initiated within the local network. There is no exploit available.

Специалисты дали прогноз на пятилетку в сфере онлайн-торговли.