Cybersecurity News including Analytics, CISO, Cloud Security, Cybercrime, Data Security, DevOps, GRC, IoT, Social Engineering, Threats & Breaches and more.
Google: Zero-Day Attacks Rise, Spyware and China are Dangers
The number of zero-day vulnerabilities that are exploited jumped in 2023, with enterprises becoming a larger target and spyware vendors and China-backed cyberespionage groups playing an increasingly bigger role, according to Google cybersecurity experts. In a report this week, researchers with Google’s Threat Analysis Group (TAG) and its Mandiant business ...
Checkmarx Aligns With Wiz to Improve Application Security
Checkmarx has integrated its platform for securing application development environments with Wiz's CNAPP ...
Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework
Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray AI framework – widely used by such companies as OpenAI, Uber, Amazon, Netflix, and Cohere – giving hackers entrée to huge amounts of data and compute power. The campaign has ...
Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data
Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit ...
CISA, FBI Push Software Developers to Eliminate SQL Injection Flaws
The federal government is putting pressure on software makers to ensure that their products don’t include SQL injection vulnerabilities, a longtime and ongoing threat that was put in the spotlight with last year’s far-reaching hack of Progress Software’s MOVEit managed file transfer tool. CISA and the FBI this week issued ...
Complex Supply Chain Attack Targets GitHub Developers
Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular Top.gg community that includes more than 170,000 members. The attackers used a range of tactics and techniques, from leveraging stolen browser cookies to take over accounts ...
Telegram Privacy Nightmare: Don’t Opt In to P2PL
Scary SMS shenanigans: Avoid Telegram’s new “Peer-To-Peer Login” program if you value your privacy or your cellular service ...
US, UK Accuse China of Years-Long Cyberespionage Campaign
The United States, the UK, and other countries this week accused a state-sponsored Chinese threat group of running a massive global hacking campaign for more than a decade that targeted political figures, journalists, businesses, political dissidents, and elections officials to steal information and spy on targets. U.S. Attorney Breon Peace ...
Cybersecurity a Top Priority for Audit Committees
Audit committees consider cybersecurity their primary oversight focus as the SEC enforces tougher cyberattack disclosure regulations ...
China Steals Defense Secrets ‘on Industrial Scale’
UNC5174 ❤ UNC302: CVSS 10 and 9.8 vulnerabilities exploited by Chinese threat actor for People’s Republic ...