Security
Headlines
HeadlinesLatestCVEs

Source

DARKReading

CompTIA Supports Department of Defense Efforts to Strengthen Cyber Knowledge and Skills

DARKReading
#intel
5 Hard Truths About the State of Cloud Security 2024

Dark Reading talks cloud security with John Kindervag, the godfather of zero trust.

Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug

Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.

Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments

An utterly innocuous feature in popular Git CDNs allows anyone to conceal malware behind brand names, without those brands being any the wiser.

Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update

The company reports most systems are functioning again but that analysis of the data affected will take months to complete.

Lessons for CISOs From OWASP's LLM Top 10

It's time to start regulating LLMs to ensure they're accurately trained and ready to handle business deals that could affect the bottom line.

US Gov Slaps Visa Restrictions on Spyware Honchos

The State Department can now deny entrance to the US for individuals accused of profiting from spyware-related human rights abuses, and their immediate family members.

Russia's Fancy Bear Pummels Windows Print Spooler Bug

The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyber-espionage attacks against targets in Ukraine, Western Europe, and North America.

Teetering on the Edge: VPNs, Firewalls' Nonexistent Telemetry Lures APTs

State-sponsored groups are targeting critical vulnerabilities in virtual private network (VPN) gateways, firewall appliances, and other edge devices to make life difficult for incident responders, who rarely have visibility into the devices.

Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity Pros

Malaysia, Singapore, and Ghana are among the first countries to pass laws that require cybersecurity firms — and in some cases, individual consultants — to obtain licenses to do business, but concerns remain.