CyRC Vulnerability Advisory: CVE-2023-32353, Apple iTunes local privilege escalation on Windows
Synopsys Cybersecurity Research Center has discovered a local privilege escalation vulnerability in Apple iTunes on Microsoft Windows.
Security
How does phishing lead to ransomware attacks?
Cybercrime continues to rise — the 2022 Internet Crime Report produced by the FBI's Internet Crime Complaint Center (IC3) revealed that the number of complaints it receives annually has more than doubled since 2018. The potential loss from cybercrime has also grown significantly – between 2021 and 2022, it rose from $6.9bn to $10.2bn.
Simulate a Crisis, Avoid a Catastrophe
Trite old sayings aside, practice works. Sports teams and the armed forces understand that ensuring everyone knows their role and has practiced it until they can do the job in the dark with their eyes closed is the only way to guarantee the proper reaction when it’s time to go to work. The same should hold true for an organization preparing for any type of emergency, ranging from a power outage, natural disaster, or cyberattack.
Do Not Cross The 'RedLine' Stealer: Detections and Analysis
RedLine Stealer is a malware strain designed to steal sensitive information from compromised systems. It is typically distributed through phishing emails, social engineering tactics, and malicious URL links.
PCI DSS 4.0 Requirements - Network Security Controls and Secure Configuration
We have officially entered the 12-month countdown to the enactment of the new Payment Card Industry Data Security Standard (PCI DSS). The new version, 4.0, set to go into effect on April 1, 2024, contains some interesting and notable changes. Is your organization ready to meet the new requirements? In this 6-part series, we spoke with specialists who help to break down the changes to make your transition to the new Standard as easy as possible.
Container Security Fundamentals - Containers Are Just Processes
When you want to secure containerized environments, it’s important to understand the details of how they work. In this video we’ll take a look at the idea that containers are just processes and how you can use Linux tools to interact with them.
Introducing Vanta's Security and Privacy Training Library
In today’s world, it’s important for your employees to learn about security and privacy best practices not only for their day-to-day roles at your company, but also to help inform the myriad of security and privacy decisions they make in their personal lives every day.
OWASP: Web Application Threats
Web applications are the backbone of any online presence. They allow companies to reach customers, communicate with them, and even store sensitive data. Unfortunately, this also means that web applications can be targeted by attackers who want to exploit weaknesses in their security measures.
Decade-old critical vulnerability in Jetpack patched on millions of WordPress websites
Jetpack, an extremely popular WordPress plugin that provides a variety of functions including security features for around five million websites, has received a critical security update following the discovery of a bug that has lurked unnoticed since 2012. Jetpack's maintainers, Automattic, announced on Tuesday that it had worked closely with the WordPress security team to push out an automatic patch for every version of Jetpack since 2.0.
