Hi, what are you looking for?
Zach Lanier, senior security researcher at Duo Security, talks to Ryan Naraine about a gaping hole in the way two-factor authentication is implemented in the PayPal mobile app (iOS and Android). Because of this bypass, an attacker with a PayPal user’s username and password, even if it is a two-factor-enabled account, can access the account and transfer money — all without two-factor being enforced.
Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud, and edge.
How threat intelligence is critical when justifying budget for GRC personnel, and for threat intelligence, incident response, security operations and CISO buyers.
Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the password dependency cycle. But how can this be done?
Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make for successful board members.
A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.
VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.
Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.
Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.
Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.
Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.
Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.
Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.
Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.
