The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets. A breach that reportedly exposed data on millions of passengers of two Lion Air airline subsidiaries is another example of the massive exposure that organizations face from leaving data
Moore has built a network asset discovery tool that wasn’t intended to be a pure security tool, but it addresses a glaring security problem. HD Moore, famed developer of the wildly popular Metasploit penetration testing tool, is about to go commercial with a new project he originally envisioned would give him a nice break from
The latest model, with insights from 122 firms, shows DevOps adoption is far enough along to influence how companies approach software security. DevOps has reached a point in its adoption at which it influences the way organizations approach software security. Many businesses have implemented an engineering-led security culture to establish and grow software security efforts,
Enterprise Vulnerabilities From DHS/US-CERT’s National Vulnerability Database
CVE-2019-15032 (PUBLISHED: 2019-09-19): Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information.
CVE-2019-15033 (PUBLISHED: 2019-09-19): Pydio
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
The nature of spearphishing attacks has drastically evolved: We’ve moved from crudely written, poorly spelled scattergun operations to highly targeted campaigns that leverage knowledge about the victim to increase the attacker’s chances of success. Once a focused attack
The identity management company plans to sell 12.5 million shares, raising $187.5 million in its initial public offering. Identity management company Ping Identity today announced its initial public offering of 12.5 million shares of common stock at a public price of $15 per share, raising $187.5 million in its IPO. The firm is scheduled to
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
Let’s pretend you have offensive security skills and you want to use them for gainful employment. You attend a job interview and you listen to the benefits of what this company has to offer. First of all, most
Symantec identifies new ‘Tortoiseshell’ nation-state group as the attackers. In what appears to be a coordinated and targeted cyber espionage campaign, the networks of several major IT providers in Saudi Arabia were attacked in the past year as a stepping-stone to the attackers’ ultimate targets in that region. Researchers at Symantec say the attackers have
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets. “People make mistakes” is a common and relatable phrase, but it’s also a malicious one in the hands of cybercriminals, more of whom are exploiting simple human errors to launch successful attacks. The Information Security Forum (ISF) explored the topic in “Human-Centered