Security
Headlines

Source

DARKReading

Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyberattacks

The group's wanton attacks demonstrate that business email compromise is everything a hacker can want in one package: low risk, high reward, quick, easy, and low effort.

Patch Critical Bug Now: QNAP NAS Devices Ripe for the Slaughter

Analysts find that 98% of QNAP NAS are vulnerable to CVE-2022-27596, which allows unauthenticated, remote SQL code injection.

AppSec Playbook 2023: Study of 829M Attacks on 1,400 Websites

A total of 61,000 open vulnerabilities, including 1,700 critical ones that have been open for 180+ days, exposes businesses to potential attacks.

Managing the Governance Model for Software Development in a No-Code Ecosystem

Forward-leading business and technology leaders are seeing the value of the "do-it-yourself" approach.

Cybersecurity Leaders Launch First Attack Matrix for Software Supply Chain Security

Current and former cybersecurity leaders from Microsoft, Google, GitLab, Check Point, OWASP, Fortinet and others have already joined the open framework initiative, which is being led by OX Security.

Discrepancies Discovered in Vulnerability Severity Ratings

Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.

Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms

An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage.

Why CISOs Should Care About Brand Impersonation Scam Sites

Enterprises often don't know whose responsibility it is to monitor for spoofed brand sites and scams that steal customers' trust, money, and personally identifiable information.

Nearly All Firms Have Ties With Breached Third Parties

The average organization does business with 11 third parties, and 98% of organizations do business with a third party who has suffered a breach, an analysis finds.