Revival Hijack: How Abandoned PyPI Package Names Are Being Exploited to Deliver Malware

Security researchers have uncovered a novel and concerning method for cybercriminals to distribute malware using public code repositories. Known as "Revival Hijack," this technique involves the re-registration of previously abandoned package names on the PyPI repository. By taking advantage of the fact that PyPI allows the reuse of names from removed packages, attackers are able to slip malicious code into unsuspecting organizations.

Cybercriminals Caught in the Trap: Infostealers Weaponized Against Hackers

In an ironic twist of fate, cybercriminals seeking to exploit stolen credentials have found themselves the targets of a new scheme. Security researchers recently uncovered a malicious campaign in which hackers were lured into downloading infostealer malware through a seemingly legitimate tool for checking compromised OnlyFans accounts. This development serves as a reminder that even those lurking on the dark web are not immune to digital risks.

Achieving Complete Cyber Resilience in Healthcare

Ahead of Rubrik’s inaugural Healthcare Summit on September 12th, I thought it was appropriate to set the stage for what’s coming. Threat actors aren’t going to wait for you to get ready before they launch their attack. They’re banking on you not being able to recover your data—or not being able to recover fast enough—to maximize the damage they leave in their wake.

ServiceNow Vulnerabilities: CVE-2024-4789 and CVE-2024-5217

In late July 2024, the US Cybersecurity and Infrastructure Security Agency (CISA) added two critical vulnerabilities (CVE-2024-4789 and CVE-2024-5217) affecting ServiceNow to its list of known exploited vulnerabilities. These vulnerabilities can allow unauthenticated users to execute code remotely, posing severe risks to organizations that use the platform. The potential for unauthorized access and severe data breaches makes addressing these vulnerabilities crucial.

How Overreliance on EDR is Failing Healthcare Providers

Ransomware attacks have a profound impact on healthcare organizations, extending well beyond financial losses and the disrupted sleep of staff and shareholders. A University of Minnesota School of Public Health study highlighted by The HIPAA Journal reveals that these attacks can lead to higher in-hospital mortality rates for patients admitted during the incidents. Additionally, the study found that hospital volumes dropped by 17%-25% during the first week of an attack.

A Comprehensive Guide to SOPS: Managing Your Secrets Like A Visionary, Not a Functionary

Have you heard about SOPS? If you have already been in a situation where you needed to share sensitive information with your teammates, this is for you. Today, let's have a look at how it works and how to use it with various key management services such as AWS KMS and HashiCorp Vault.