Hot Topics

Analytics & Intelligence

Why SIEM Providers should consider a Next-Gen SIEM for improved TDIR

10 Questions to Ask SIEM Providers

| | Blog, SIEM
Discover the essential questions to ask SIEM providers. Ensure you choose the right SIEM provider and solution with our comprehensive guide for effective cybersecurity. The post 10 Questions to Ask SIEM Providers ...
Blog Archives - Gurucul
phishing cybersecurity

‘Darcula’ PhaaS Campaign Sinks Fangs into Victims

| | Phishing-as-a-Service (PhaaS), postal service, RaaS
A sprawling phishing-as-a-service (PhaaS) campaign that has been running since at least last summer is using more than 20,000 fake domains to target a wide range of organizations in more than 100 ...
Security Boulevard
Closeup of person going “Shhh!”

PyPI Goes Quiet After Huge Malware Attack: 500+ Typosquat Fakes Found

| | code reuse, open source software supply chain security, PyPI, PyPI malicious packages, pypi vuln, pypi vulnerability, python, Python Malware, Python Packages, Python vulnerability, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, Software supply chain management, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, Software Supply Chain Security Weaknesses, typosquat, Typosquatting, typosquatting attacks
Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup ...
Security Boulevard
operational supply chain ICS cybersecurity critical infrastructure environment climate

Industrial Enterprise Operational Technology Under Threat From Cyberattacks

| | attack path, cyberattack, Industrial, iot, manufacturing, Operational, OT, risk
One in four industrial enterprises had to temporarily cease operations due to cyberattacks within the past year, suggesting operational technology must improve ...
Security Boulevard
Multiple, unskippable notifications

Apple OTP FAIL: ‘MFA Bomb’ Warning — Locks Accounts, Wipes iPhones

| | 2fa, 2FA bypass, 2FA Flaws, 2FA phishing, 2FA solution, 2FA/MFA, Apple, apple bug, Apple Data Security, apple hack, apple hacker, Apple iCloud, Apple ID, Apple ID failure, Apple iOS, Apple iPad, Apple iPhone, bypass 2FA, MFA, MFA Bombing, mfa fatigue, MFA hacks, mfa protection, mfasecurity, Multi-Factor Authentication (MFA), OTP, OTP circumvention bot, OTP interception bot, phishing-resistant MFA, push otp, SB Blogwatch, TOTP, two-factor-authentication.2fa
Rethink different: First, fatigue frightened users with multiple modal nighttime notifications. Next, call and pretend to be Apple support ...
Security Boulevard
vulnerability zero day

Google: Zero-Day Attacks Rise, Spyware and China are Dangers

| | China-linked Hackers, google-security, spyware, Zero Day Attacks
The number of zero-day vulnerabilities that are exploited jumped in 2023, with enterprises becoming a larger target and spyware vendors and China-backed cyberespionage groups playing an increasingly bigger role, according to Google ...
Security Boulevard
CNAP, severless architecture, itte Broadcom report cloud security threat

Checkmarx Aligns With Wiz to Improve Application Security

| | Checkmarx, Cloud Security, cloud workload protection, cnapp, Wiz
Checkmarx has integrated its platform for securing application development environments with Wiz's CNAPP ...
Security Boulevard
AI vulnerability

Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework

| | Artificial Intelligence (AI), Best Practices, framework, Ray, vulnerability
Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray AI framework – widely used by such companies as OpenAI, Uber, Amazon, ...
Security Boulevard
Smokey Bear / This-is-fine crossover

Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data

| | Brian J. Dunne, class action, class action lawsuit, DeleteFacebook, facebook, facebook fine, free vpn app, Ghostbusters, IAPP, Man In The Middle, man in the middle attack, man in the middle attacks, Mark Zuckerberg, Meta, mitm, MitM Attack, mitm attacks, mitm tool, mitm tools, Onavo, Onavo VPN, SB Blogwatch, Snapchat, SSL Bump, VPN
Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit ...
Security Boulevard
Apple research study, data breaches, immutable storage, backup storage, ransomware data backup

CISA, FBI Push Software Developers to Eliminate SQL Injection Flaws

| | CISA Advisory, FBI, SQL injection attack
The federal government is putting pressure on software makers to ensure that their products don’t include SQL injection vulnerabilities, a longtime and ongoing threat that was put in the spotlight with last ...
Security Boulevard
Load more

Secure Guardrails