Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

The US Needs a Better Energy Grid to Win the AI Arms Race

The longer we avoid reform, the further behind we'll fall in AI innovation — and the more vulnerable we'll be.

DARKReading
Open in Source
#google#intel#auth
Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Identity security is front, and center given all the recent breaches that include Microsoft, Okta, Cloudflare and Snowflake to name a few. Organizations are starting to realize that a shake-up is needed in terms of the way we approach identity security both from a strategic but also a technology vantage point.  Identity security is more than just provisioning access  The conventional view

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2), has been described as a deserialization vulnerability impacting SharePoint that could result

Millions of iOS and Android Users at Risk as Popular Apps Expose Cloud Keys

Millions of iOS and Android users are at risk after Symantec discovered that popular apps contain hardcoded, unencrypted…

The Global Surveillance Free-for-All in Mobile Ad Data

Not long ago, the ability to remotely track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites.

Threat Spotlight: WarmCookie/BadSpace

WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.

Highlighting TA866/Asylum Ambuscade Activity Since 2021

TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020.

Think You’re Secure? 49% of Enterprises Underestimate SaaS Risks

It may come as a surprise to learn that 34% of security practitioners are in the dark about how many SaaS applications are deployed in their organizations. And it’s no wonder—the recent AppOmni 2024 State of SaaS Security Report reveals that only 15% of organizations centralize SaaS security within their cybersecurity teams. These statistics not only highlight a critical security blind spot,

Dutch Police Infiltrate Telegram Groups, Arrest 4 for Illegal Data Trading

Dutch police arrested four individuals for selling stolen personal data via Telegram groups, seizing devices and firearms in…

GHSA-hhxg-rvc9-8726: camaleon_cms affected by cross site scripting

Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.