Cybersecurity News, Awards, Webinars, eSummits, Research

The ChatGPT ‘black box’ problem

Steve ZurierMay 26, 2023

If ChatGPT were poisoned for months, would we know about it?

WHITEPAPER

Wanted: A Few Good Threat Hunters

PODCASTS

RESOURCES

FEATURED

Macro computer screen shot with binary code and password text.

KeePass bug lets attackers extract the master password from memory

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Identity and access

OneMain pays $4.5M after ignored security flaws caused data breaches

Jessica DavisMay 26, 2023

New York’s Department of Financial Services hit OneMain Financial with a massive penalty, reflecting the severity of security failures found during an audit tied to multiple data breaches.

Critical infrastructure

CosmicEnergy malware poses ‘plausible threat’ to electric grids, researchers warn

Simon HenderyMay 26, 2023

Researchers say the newly discovered malware targeting electric utilities is becoming easier for threat groups to leverage against OT and ICS systems.

Cloud security

Google Cloud patches vulnerability in CloudSQL service

Steve ZurierMay 25, 2023

Dig Security researchers said the flaw could have let attackers escalate privileges to a sysadmin role on a container, allowing access to GCP data.

Privacy

Senators scrutinize Google’s claim to delete users sensitive location data

Jessica DavisMay 25, 2023

After the Supreme Court overturned Roe v. Wade, Google committed to modifying data retention policies for sensitive locations that could put users at risk.

Threat intelligence

China-linked APT targets US military comms as South China Sea tensions grow

Simon HenderyMay 25, 2023

Volt Typhoon, believed to be a state-sponsored China-based APT group, has been executing “stealthy and targeted” attacks against U.S. organizations, including in Guam.

API Bug OAuth dev tool opens websites, apps to account hijacking

Application security

API bug in OAuth dev tool opened websites, apps to account hijacking

Stephen WeigandMay 25, 2023

Critical flaw in the Expo framework that allowed them to take over user accounts via the Open Authorization (OAuth) protocol.

Cloud security

Legion malware expands scope to target AWS CloudWatch monitoring tool

Steve ZurierMay 24, 2023

Cado Security researchers believe Legion was developed in Indonesia with an eye toward selling it to other attackers for exploiting cloud services.

The ChatGPT ‘black box’ problem

WHITEPAPER

Wanted: A Few Good Threat Hunters

PODCASTS

RESOURCES

FEATURED

KeePass bug lets attackers extract the master password from memory

Get daily email updates

Perspectives

The case for converged continuous compliance

Large $1.3 billion GDPR fine on Meta was tied to a breach of trust

AI has gone mainstream – so let’s innovate and regulate

A blueprint for cost-efficient mobile AppSec

How the ILOVEYOU worm exposed human beings as the Achilles Heel of cybersecurity

In Brief

Georgia city claimed to be attacked by BlackByte ransomware gang

Microsoft credentials targeted new phishing attacks with RPMSG files

Gaming sector subjected to Dark Frost DDoS attacks

Leaked LockBit, Babuk code leveraged by Buhti ransomware operation

US military intelligence also targeted by Chinese hackers behind critical infrastructure compromise

More Resources

In focus: MDR for finance

The 2023 Identiverse Trends Report: An overview

Growth, acceleration, and safety: Top trends in the digital identity industry

In focus: MDR for healthcare

Security professionals rank the most important people skills for incident response

OneMain pays $4.5M after ignored security flaws caused data breaches

CosmicEnergy malware poses ‘plausible threat’ to electric grids, researchers warn

Google Cloud patches vulnerability in CloudSQL service

Senators scrutinize Google’s claim to delete users sensitive location data

China-linked APT targets US military comms as South China Sea tensions grow

API bug in OAuth dev tool opened websites, apps to account hijacking

Legion malware expands scope to target AWS CloudWatch monitoring tool

EVENTS

Modern privileged access management in the cloud: What’s in, what’s out?

Rising tensions, heightened stakes: A crash course in the latest observations from the cyber threat landscape

Reducing silos between Developers and AppSec in your Software Supply Chain with Snyk and ServiceNow

Prioritizing Blue Team Success Over Red Team Wins

Vulnerability management: Finding and fixing your fatal flaws