Recent Security News
-
What’s worse than paying an extortion bot that auto-pwned your database?
January 17, 2024 at 10:10AM The Border0 security researchers have identified a malicious extortion bot targeting publicly exposed PostgreSQL and MySQL databases with weak passwords. This bot autonomously wipes out vulnerable databases and leaves a ransom note, claiming to back up the data when in reality it only saves a small portion. It has managed…
-
Strength in Numbers: The Case for Whole-of-State Cybersecurity
January 17, 2024 at 10:07AM A recent CloudSEK XVigil report reveals a 95% surge in cyberattacks on government agencies in 2022. The public sector faces greater cybersecurity challenges due to limited resources and widespread personal data. A whole-of-state (WoS) cybersecurity strategy is proposed for collaborative defense, supported by the State and Local Cybersecurity Grant Program.…
-
Using Wazuh to build a cybersecurity architecture with open source tools
January 17, 2024 at 10:07AM Cybersecurity architecture involves designing an organization’s approach to securing its information systems. It aims to establish a resilient defense against cyber threats. Leveraging open source tools offers cost-effectiveness and flexibility. Selecting tools like Wazuh, ClamAV, Suricata, pfSense, ModSecurity, VeraCrypt, OpenDLP, and OpenVAS helps build a robust cybersecurity architecture. Wazuh, in…
-
PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions
January 17, 2024 at 09:57AM PAX Technology’s PoS terminals have high-severity vulnerabilities that could allow threat actors to execute arbitrary code. The STM Cyber R&D team discovered six flaws, including privilege escalation and local code execution, impacting various PAX devices. The vulnerabilities were responsibly disclosed to PAX, and patches were released in November 2023. Key…
-
Combating IP Leaks into AI Applications with Free Discovery and Risk Reduction Automation
January 17, 2024 at 09:57AM Wing Security introduces a free discovery and a paid tier for automated control over AI SaaS applications, aiming to enhance intellectual property and data protection. 83.2% of companies use GenAI applications, with 99.7% employing AI-powered SaaS. Their solution offers steps to Know, Assess, and Control AI risks while automating workflows…