Security Affairs

SEPTEMBER 11, 2023

Google rolled out emergency security updates to address a new Chrome zero-day (CVE-2023-4863) actively exploited in the wild. The vulnerability, tracked as CVE-2023-4863, is the fourth actively exploited zero-day fixed by Google in 2023. The flaw CVE-2023-4863 is a critical heap buffer overflow that resides in the WebP.

Architecture 133

Architecture Engineering Hacking Information Security 133

CyberSecurity Insiders

MAY 17, 2023

by John Spiegel, Director of Strategy, Axis Security Gartner just released the 2023 version of their “Magic Quadrant” for Secure Service Edge or SSE. ” Or said another way, “architecture matters”. The post Architecture Matters When it Comes to SSE appeared first on Cybersecurity Insiders. Ask the critical questions.

Architecture 136

Architecture Engineering Marketing Internet 136

Security Boulevard

JULY 12, 2023

Our thanks to BSides Knoxville for publishing their presenter’s outstanding BSides Knoxville 2023 content on the organizations’ YouTube channel. Permalink The post BSides Knoxville 2023 – Hudson Bush – Enterprise Security Architecture Isn’t Just For Enterprises Anymore appeared first on Security Boulevard.

Architecture 75

Architecture CISO Education Risk 75

Schneier on Security

SEPTEMBER 20, 2023

million in 2023, with more than 750,000 of those positions in the U.S. In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage: Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures.

Cybersecurity 337

Cybersecurity Engineering CISO Architecture 337

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. More than a third (39%) used the microservice architecture. Server-Side Request Forgery (SSRF) The popularity of the cloud and microservice architectures is on the rise.

Passwords 140

Passwords Authentication Architecture Risk 140

Jane Frankland

NOVEMBER 20, 2023

My Predictions for Cybersecurity in 2023 were… Technology enables opportunities as fast as it introduces threats. Here are my predictions for 2023. Types of attacks. Sustainability. More companies will be focused on sustainability.

Cybersecurity 130

Cybersecurity Digital transformation Artificial Intelligence Architecture 130

SecureList

MAY 11, 2023

Although early 2023 saw a slight decline in the number of ransomware attacks, they were more sophisticated and better targeted. Later, we encountered a version of BlackBasta that targeted ESXi environments, and the most recent version that we found supported the x64 architecture. In 2022, Kaspersky solutions detected over 74.2M

Ransomware 139

Ransomware Malware Architecture Telecommunications 139

Adam Shostack

JANUARY 2, 2025

External changes will be driving appsec in 2023. 2023 brings new challenges and new opportunities for software companies, and all companies are now software companies. Were also likely to see requirements for architecture diagrams. For example, the FDAs latest pre-market cyber draft includes: [Architecture views including].Detailed

Engineering 130

Engineering Software Architecture Manufacturing 130

PCI perspectives

MARCH 15, 2023

Following its annual Special Interest Group (SIG) election process, the PCI Security Standards Council has confirmed the winning SIG topic for 2023. The Council’s Participating Organizations voted to select “Scoping and Segmentation for Modern Network Architectures” as the focus for the year ahead.

Architecture 110

Architecture 110

Cisco Security

JUNE 13, 2024

According to AppOmni’s 2023 State of SaaS Security report, 79% of organizations reported a SaaS security incident during the preceding 12-month period. As enterprises incrementally store and process more sensitive data in SaaS applications, it is no surprise that the security of these applications has come into greater focus.

Architecture 106

Architecture 106

The Last Watchdog

DECEMBER 16, 2024

Carignan Nicole Carignan , Vice President of Strategic Cyber AI, Darktrace If 2023 was the year of generative AI and 2024 the year of AI agents, 2025 will spotlight multi-agent systems, or agent swarms. These systems promise innovation but also introduce risks.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

CyberSecurity Insiders

JANUARY 6, 2023

Here are the five challenges that will alter the industry in 2023: Zero trust will replace perimeter security. In fact, Gartner reports that zero-trust network access will remain the fastest-growing segment in network security, with growth of 36 percent in 2022 and 31 percent anticipated in 2023.

Cybersecurity 138

Cybersecurity Manufacturing Education Technology 138

CyberSecurity Insiders

DECEMBER 18, 2022

A look ahead to 2023 we can expect to see changes in MFA, continued Hactivism from non-state actors, CISOs lean in on more proactive security and crypto-jackers will get more savvy. In 2023, crypto-jackers will get more savvy and we might start to see the detrimental effects of what is usually considered inevitable or negligible.

Cybersecurity 125

Cybersecurity CISO Insurance Ransomware 125

SecureList

JANUARY 23, 2023

The first part of this report is devoted to the most current threats any SOC is likely to face in 2023. They are closely intertwined with the threats looming over corporations in 2023, as only an effectively organized team can safeguard business against rapidly evolving malware and attack methods.

Government 124

Government Media Social Engineering Ransomware 124

eSecurity Planet

OCTOBER 18, 2024

Meanwhile, according to non-profit trade association CompTIA’s Cyberseek tool, nearly half a million cybersecurity jobs were open between May 2023 and April 2024 in the U.S., Knowledge of cloud systems architecture and how it interacts with various devices is invaluable. Salary: $150,000 to $225,000, Mondo.

Cybersecurity 126

Cybersecurity Artificial Intelligence Penetration Testing CISO 126

Penetration Testing

JANUARY 4, 2024

Built on a robust SQL Database-centric architecture, Ignition transformed the SCADA landscape with its cross-platform web-based deployment through... The post Researcher Exposes Inductive Automation Ignition Vulnerabilities: CVE-2023-39475 & 39476 appeared first on Penetration Testing.

Penetration Testing 90

Penetration Testing Architecture Software 90

Security Boulevard

APRIL 18, 2023

To combat these threats, organizations must adopt a Zero Trust architecture that significantly minimizes the attack surface, prevents compromise, and reduces the blast radius in case of a successful attack. To learn more about the latest phishing threats and how to protect your organization, download the 2023 ThreatLabz Phishing Report today.

Phishing 122

Phishing Social Engineering Education Retail 122

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. In the first half of 2023, 97.91% of password brute-force attempts registered by our honeypots targeted Telnet, and only 2.09%, SSH.

IoT 135

IoT DDOS Passwords Malware 135

Schneier on Security

AUGUST 8, 2022

NIST was poised to make final algorithm selections in 2022, with a plan to have a draft standard available for public comment in 2023. It took a couple of decades to fully understand von Neumann computer architecture; expect the same learning curve with quantum computing. Cryptanalysis over the competition was brutal.

Encryption 359

Encryption Architecture Engineering Information Security 359

Security Boulevard

JULY 14, 2023

Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel. Permalink The post BSides Sofia 2023 Intro appeared first on Security Boulevard.

Architecture 93

Architecture CISO Education Risk 93

eSecurity Planet

OCTOBER 9, 2023

This vulnerability, identified as CVE-2023-42793 , can give unauthenticated attackers remote code execution (RCE) abilities without requiring user input by exploiting an authentication bypass flaw. The problem: Arm has issued a security alert on CVE-2023-4211 , an actively exploited vulnerability in its Mali GPU drivers.

Architecture 105

Architecture Ransomware Software Accountability 105

InfoWorld on Security

OCTOBER 28, 2022

Most enterprises now realize they must fix many architectural and implementation mistakes, as well as keep pace with the rapid growth of multicloud and more complex cloud computing systems. Both need to be mitigated with sound planning and good architecture. For many enterprises, the ROI for cloud computing is nowhere to be found.

Architecture 111

Architecture Marketing Risk 111

The Hacker News

FEBRUARY 9, 2024

Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023. The backdoor, codenamed RustDoor by Bitdefender, has been found to impersonate an update for Microsoft Visual Studio and target both Intel and Arm architectures.

Architecture 145

Architecture 145

CyberSecurity Insiders

DECEMBER 6, 2022

Netwrix, a cybersecurity vendor that makes data security easy, today released key IT security trends that will affect organizations of all sizes in 2023. Here are five specific trends for 2023 that you need to be aware of: The business of cybercrime will be further professionalized. For more information, visit www.netwrix.com.

Cybersecurity 116

Cybersecurity Cybercrime Social Engineering Risk 116

Security Boulevard

AUGUST 5, 2023

Thanks are in order to BSides Leeds for publishing their presenter’s outstanding BSides Leeds 2023 security content on the organizations’ YouTube channel. Permalink The post BSides Leeds 2023 – Saskia Coplans – Outsourcing Development appeared first on Security Boulevard.

Architecture 98

Architecture CISO Education Risk 98

The Hacker News

SEPTEMBER 11, 2023

Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR

Architecture 145

Architecture Engineering 145

Security Boulevard

JULY 15, 2023

Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel. Permalink The post BSides Sofia 2023 – Peter Kirkov, e-Government – Keynote appeared first on Security Boulevard.

Government 98

Government Architecture CISO Education 98

Security Boulevard

AUGUST 6, 2023

Thanks are in order to BSides Leeds for publishing their presenter’s outstanding BSides Leeds 2023 security content on the organizations’ YouTube channel. Permalink The post BSides Leeds 2023 – Charles Bain – Fawlty Towers appeared first on Security Boulevard.

Architecture 96

Architecture CISO Education Risk 96

Security Boulevard

JULY 17, 2023

Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel. Permalink The post BSides Sofia 2023 – Evgeni Saber – Advanced Enterprise Vulnerability appeared first on Security Boulevard.

Architecture 98

Architecture CISO Education Risk 98

Security Boulevard

JULY 27, 2023

Thanks are in order to BSides Leeds for publishing their presenter’s outstanding BSides Leeds 2023 security content on the organizations’ YouTube channel. Permalink The post BSides Leeds 2023 – Peter Jones – Practical Blue Teaming appeared first on Security Boulevard.

Architecture 98

Architecture CISO Education Risk 98

Security Boulevard

AUGUST 3, 2023

Thanks are in order to BSides Leeds for publishing their presenter’s outstanding BSides Leeds 2023 security content on the organizations’ YouTube channel. Permalink The post BSides Leeds 2023 – Dan Cannon – Red Red Whine appeared first on Security Boulevard.

Architecture 97

Architecture CISO Education Risk 97

Security Boulevard

JULY 21, 2023

Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel. Permalink The post BSides Sofia 2023 – Georgi Gerganov – Keytap Acoustic Keyboard Eavesdropping appeared first on Security Boulevard.

Architecture 98

Architecture CISO Education Risk 98

Security Boulevard

JULY 18, 2023

Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel. Permalink The post BSides Sofia 2023 – Radoslav Gerganov – Hyundai Head Unit Hacking appeared first on Security Boulevard.

Hacking 97

Hacking Architecture CISO Education 97

eSecurity Planet

SEPTEMBER 5, 2023

August 28, 2023 Ransomware Group Exploits Citrix NetScaler Vulnerability In July, Citrix released a patch for a critical remote code execution vulnerability ( CVE-2023-3519 ), which affected the company’s NetScaler ADC and NetScaler Gateway products and carried a severity rating of 9.8 out of 10 on the CVSS vulnerability scale.

VPN 105

VPN Authentication Ransomware Antivirus 105

Security Boulevard

JULY 16, 2023

Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel. Permalink The post BSides Sofia 2023 – Vasil Velichkov – Hacking Attacks Against Government Institutions appeared first on Security Boulevard.

Government 97

Government Hacking Architecture CISO 97

Security Boulevard

JUNE 9, 2023

On 31-May-2023, Progress Software disclosed a critical vulnerability CVE-2023-34362 in the MOVEit application. As of 7 June 2023, there were roughly 2,500 instances of MOVEit Transfer exposed to the public internet. It connects to the database and offers data exfil functionality based on a provided X-siLock-Step1 header.

Software 103

Software Internet Internet Malware 103

Security Boulevard

JULY 17, 2023

Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel. Permalink The post BSides Sofia 2023 – Daniela Shalev – Hunting Unsigned DLLs To Find APT appeared first on Security Boulevard.

Architecture 98

Architecture CISO Education Risk 98