Attack automation becomes a prevalent threat against APIs
The second half of 2022 marked a significant turning point in the security landscape. In several high-profile incidents, application programming interfaces (APIs) emerged as a primary attack vector, posing a new and significant threat to organization.....»»
Google halts its 4-plus-year plan to turn off tracking cookies by default in Chrome
A brief history of Google's ideas, proposals, and APIs for cookie replacements. Enlarge / Google, like most of us, has a hard time letting go of cookies. Most of us just haven't created a complex set of APIs and brokered deals ac.....»»
Microsoft Copilot is fairly relaxed about trademark use
While AI is under attack from copying existing works without permission, the industry could end up getting into more legal trouble over trademarks.Images created by Microsoft's CopilotThe rise in interest in generative AI has also led to an increase.....»»
Room-temperature defluorination method uses light to clean up forever chemicals
Perfluoroalkyl substances (PFAS), nicknamed "forever chemicals," pose a growing environmental and health threat. Since the invention of Teflon in 1938, PFAS and perfluorinated polymers or PFs have been widely used for their exceptional stability and.....»»
"Dark leadership" is a threat to Canada"s tourism industry, say researchers
It's summer and that means high season and busy times for the tourism sector. According to the United Nations World Tourism Organization, more than 285 million tourists traveled internationally from January to March 2024, an increase of about 20% com.....»»
Ketch No-Code Rights Automation empowers non-technical teams to manage DSR requests
Ketch launched its No-Code Rights Automation product, designed to make it easy for non-technical teams to comply with consumer requests for data deletion and access. This includes the full business process from receiving the consumer request, to pull.....»»
The changes in the cyber threat landscape in the last 12 months
When it comes to the cyber threat landscape, change is the only constant: the inevitable interplay between cybercriminals and law enforcement agencies makes it inevitable. Europol’s recently released Internet Organised Crime Threat Assessment (.....»»
Hacker thought to be behind to MGM attack arrested by UK police
A 17-year-old boy from Walsall arrested and released on bail as police continue investigation......»»
Ad-injecting malware posing as DwAdsafe ad blocker uses Microsoft-signed driver
ESET Research has discovered a sophisticated Chinese browser injector: a signed, vulnerable, ad-injecting driver from a mysterious Chinese company. This threat, which ESET dubbed HotPage, comes self-contained in an executable file that installs its m.....»»
Shuffle Automation: Open-source security automation platform
Shuffle is an open-source automation platform designed by and for security professionals. While security operations are inherently complex, Shuffle simplifies the process. It’s designed to integrate with Managed Security Service Providers (MSSP.....»»
Washington DC among US cities most vulnerable to space weather, scientists say
Several cities in the United States—including the nation's capital—have power grids particularly vulnerable to the threat of space weather—but experts are still trying to understand why......»»
CISOs must shift from tactical defense to strategic leadership
Cyber threats are advancing quickly in size and sophistication, largely because of the rapid evolution of technology, increasing sophistication of cyber attackers, and the expansion of attack surfaces through interconnected systems and devices, accor.....»»
Radical anti-feminism the most prevalent form of violent extremism in Australia, report finds
Nearly 20% of Australian men believe that feminism should be violently resisted, if necessary, new research from the University of Melbourne and the University of Queensland has found......»»
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)
A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s threat researchers. Several PoC exploits have been published, including one.....»»
Signatures should become cloud security history
It’s becoming evident that the legacy practice of signature-based threat detection needs to be improved for cloud security challenges. In this Help Net Security video, Jimmy Mesta, CTO at RAD Security, discusses a new proposed standard for crea.....»»
Vulnerability in Cisco Smart Software Manager lets attackers change any user password
Yep, passwords for administrators can be changed, too. Enlarge Cisco on Wednesday disclosed a maximum-security vulnerability that allows remote threat actors with no authentication to change the password of any user, in.....»»
Invicti API Security uncovers hidden and undocumented APIs
Invicti announced Invicti API Security, merging comprehensive API discovery with proactive security testing into a single solution. The growth of service-based architectures has driven an explosion in APIs, creating yet another expanding attack surfa.....»»
Can digital payments help countries adapt to climate change?
For thousands of farmers in the Philippines, climate change is a direct threat to their livelihoods......»»
Rezonate boosts security for both human and non-human identities
Rezonate unveiled unified coverage from human to non-human identity security (NHI) with comprehensive capabilities: identity inventory and visibility, security posture, compliance, and identity threat detection and response (ITDR). The platform is ta.....»»
Druva unveils data security capabilities to accelerate incident response
Druva announced new capabilities to help its customers accelerate the investigation and remediation of cyber threats. The new Threat Hunting capability empowers IT and security teams to search their global data footprint for indicators of compromise.....»»
Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Tre.....»»