Aggregator

Email Security / VulnerabilityCybersecurity researchers are warning about active exploitation atte

Как «зелёный мессенджер» отстаивает права пользователей на конфиденциальность?

A vulnerability was found in Wireshark 3.6.0. It has been classified as problematic. This affects an unknown part of the component Kafka Dissector. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2021-4190. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Wireshark up to 3.4.11/3.6.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component CSN.1 Dissector. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-0582. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.1.92/6.6.32/6.8.11/6.9.2 and classified as critical. Affected by this issue is the function rcu_dereference_protected in the library net/bridge/br_private.h. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-36979. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Metomic released its Data Classification solution, making it possible to discover, classify and secure sensitive data at scale across Google Workspaces. Metomic’s latest innovation is an AI-powered tool that automates complex data management workflows, enabling IT and security teams to maintain control of their data while also ensuring data compliance across cloud-based storage and SaaS environments. Without accurate data classification, businesses can’t prioritize risk, address vulnerabilities or implement effective security measures at scale downstream. With … More →

The post Metomic Data Classification automates complex data management workflows appeared first on Help Net Security.

The Rhadamanthys information stealer has been upgraded with advanced features, including the use of artificial intelligence (AI) for optical character recognition (OCR). Researchers at the Recorded Future’s Insikt group have documented the evolution of the Rhadamanthys info stealer. The malware was first identified in 2022, and since then it has been upgraded with advanced features, […]

A vulnerability, which was classified as critical, was found in brainabundance brain abundance info 0.1. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-7328. The attack needs to be initiated within the local network. There is no exploit available.

Раскрыта схема обмана американцев индийскими колл-центрами.

Supply Chain Attack / CryptocurrencyA new set of malicious packages has been unearthed in the Pyth

PlexTrac announced significant enhancements to its platform. These updates are designed to help enterprises and security service providers harness proactive security by offering business context, automating risk scoring to focus on what matters most, streamlining remediation workflows with event-driven interoperability, and measuring the effectiveness of proactive security measures in mitigating risk over time. These new capabilities allow customers and partners to make significant strides in automating the Continuous Threat Exposure Management (CTEM) lifecycle as part … More →

The post PlexTrac unveils new capabilities to prioritize proactive security remediation appeared first on Help Net Security.

Concentric AI announced an AI-based DSPM functionality that identifies data access and activity risk from Copilot requests. With this launch, enterprises can now for leverage AI-driven DSPM to track, monitor and seamlessly enforce access governance around Copilot activity and abnormal user requests, as well as remediate those scenarios to prevent data loss. “Enterprises looking to roll out Copilot are worried that sensitive data can be accessed inappropriately by end users from all of these interactions,” … More →

The post Concentric AI helps monitor and remediate risky Copilot activity appeared first on Help Net Security.

Свобода слова против организованной преступности - кто победит?

A vulnerability classified as very critical has been found in Adobe Flash Player up to 11.2.202.632/18.0.0.366/22.0.0.211. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2016-6930. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in phpBG and classified as critical. Affected by this vulnerability is an unknown functionality of the file intern/config/key_2.php. The manipulation of the argument rootdir leads to improper input validation. This vulnerability is known as CVE-2007-4636. The attack can be launched remotely. Furthermore, there is an exploit available.

4 min read Just when I thought I was out, they (non-human identities and a young startup named Aembit) pulled me back in.

The post Why I Came Out of (Pseudo) Retirement to Help Solve the Non-Human Identity Challenge as Aembit’s CISO appeared first on Aembit.

The post Why I Came Out of (Pseudo) Retirement to Help Solve the Non-Human Identity Challenge as Aembit’s CISO appeared first on Security Boulevard.

Despite slower hiring trends and tighter budgets, chief information security officer (CISO) compensation continues to rise, with the average U.S.-based CISO earning $565K, and top earners exceeding $1 million.

The post Average CISO Compensation Tops $500K appeared first on Security Boulevard.

Harmonic Security has secured $17.5 million in Series A funding to bring its “zero-touch data protection” capabilities to enterprises. Total funding has now reached more than $26 million since the company launched in October last year with enterprise customers already in double figures. Harmonic Security has built a completely new approach to data protection using pre-trained, specialized language models. The Series A round is being led by Next47, a leading venture capital firm that has … More →

The post Harmonic Security raises $17.5 million to improve data security for organizations appeared first on Help Net Security.