A pair of U.S. House committees held their first public hearings into the SolarWinds attack, with lawmakers and witnesses offering support for expanding federal cybersecurity laws to address the security failures. This includes a larger role for CISA to conduct threat hunting.
The Python Software Foundation is issuing updates for Python 3.9.2 and 3.8.8 to address critical security vulnerabilities, including a remote code execution vulnerability that can be exploited to shut down systems.
A newly-discovered phishing campaign posts harvested credentials using the Telegram messaging app's application programming interface to bypass secure email gateways, report researchers at the Cofense Phishing Defense Center.
SonicWall was recently attacked via a zero-day flaw in one of its own products. Curiously, SonicWall hasn't said much about the extent and damage of the breach since its announcement. But there are strong indications it may have been targeted by an extortion attempt.
Autonomous vehicle manufacturers are advised to adopt security-by-design models to mitigate cybersecurity risks, as artificial intelligence is susceptible to evasion and poisoning attacks, says a new ENISA report.
Security firms Crowdstrike, Palo Alto Networks and Sailpoint are making acquisitions to bolster their product portfolios. Here's a rundown of the deals.
A remote code vulnerability in the Android version of the file-sharing app SHAREit could allow hackers to tamper with the app's permissions, enabling them to steal sensitive data, reports security firm Trend Micro.
The Biden administration is reviewing former President Donald Trump's policies addressing potential national security and cybersecurity concerns about Chinese-owned companies as it develops new plans for dealing with a wide range of issues tied to China.
French cybersecurity authorities are warning that widely used, open-source IT monitoring software called Centreon appears to have been hit by Russian hackers. But unlike the SolarWinds supply chain attack, in this campaign, attackers appear to have hacked outdated, unpatched versions of the software.
Remote business operations and distributed workforce has triggered an urgency for deploying new technologies, applications and cloud-native solutions. There is a lack of cohesion between threat response and implementing new security policies and configurations, and a resulting lack of essential context that shapes...
Automating security has become fundamental to supporting the speed-to-market requirements of modern application development environments. Because these environments vary across teams and organizations, security tooling must be flexible enough to enable the adaptation of security automation based on specific workflows...
SAP has issued a patch and remediation advice for a critical remote code execution vulnerability in its SAP Commerce product that could, if exploited, disrupt the entire system.
E-commerce and fraud - they evolved and grew together in 2020, and it's time for fraud defenses to do the same. Smriti Jaggi of F5 details how to deploy a multi-layered fraud defense without adding extra friction to the process.
Today, bots are a hot topic; one that affects all web applications.
As a result, many vendors are trying to latch onto this trend by claiming to have the ability to identify and mitigate bots. It’s only natural that you’ll want to evaluate the claims of these vendors.
Use these 13 Questions to help...
Your data is the most valuable resource on the planet.
Download this whitepaper to learn how digital transformation is creating new challenges for data security, where you should apply more effective security controls, and what an “Edge-to-End” security posture brings to the modern enterprise.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.
