Apple issues emergency fixes for 2 WebKit 0-days exploited in the wild (Laura French, December 1, 2023). iOS 17.1.2, macOS Sonoma 14.1.2 and Safari 17.1.2 updates resolve the vulnerabilities.
It makes sense for the Biden administration to focus on software security – but it’s up to the industry to make it happen (John Funge, November 29, 2023).
Key questions to ask when evaluating an identity and access security vendor (Paul Wagenseil, November 8, 2023).
Ransomware: Fidelity National Financial back to ‘normal business operations’ after cyberattack (Steve Zurier, December 1, 2023). All roads in the FNF case lead to a ransomware incident, but there’s still no confirmation which group executed the attack or if a ransom was paid.
Ransomware: Black Basta’s ransom haul tops $100M in less than 2 years (Simon Hendery, December 1, 2023). Analysis reveals 18 of ransomware gang Black Basta’s 300-plus victims were extorted over $1 million each, with one handed over $9 million.
Bug Bounties: Zoom flaw enabled hijacking of accounts with access to meetings, team chat (Laura French, November 30, 2023). Ethical hackers at AppOmni claimed a $5,000 bug bounty for discovering the Zoom Rooms vulnerability, disclosed at a conference last summer.
Generative AI: What can you get for $200? Several megabytes of ChatGPT training data (Steve Zurier, November 30, 2023). The DeepMind researchers said it was possible to launch a “Prompt Injection Attack” to extract more training data by spending more money querying the model.
Security Strategy, Plan, Budget: Fewer cybersecurity professionals losing their jobs in breach ‘blame’ game (Laura French, November 30, 2023). Cybersecurity job security, vendor loyalty and board support after a breach were covered in a survey of 500 CISOs.
API security: Google 0-day browser bug under attack, patch available (Stephen Weigand, November 30, 2023). One of the seven security updates Google released Nov. 28 for its Chrome browser is under active exploitation in the wild.
Vulnerability Management: Critical ownCloud bug ‘actively exploited’ after disclosure (Laura French, November 29, 2023). No confirmed hacking incidents are tied to the ownCloud vulnerability, which has the highest severity CVSS score of 10 and was publicly disclosed Nov. 21.
Incident Response: All Okta customer support users exposed in October breach, company discloses (Steve Zurier, November 29, 2023). While Okta did not report how many customers were affected, the company’s website says more than 18,000 customers use its platform.