Recent Security News
-
Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD AttackĀ
January 8, 2024 at 08:36AM Security researchers warn that tens of thousands of public GitHub repositories are vulnerable to malicious code injection via self-hosted GitHub Actions runners, posing high-impact supply chain attack risks. These attacks can be launched using self-hosted runners, allowing malicious code execution and persistence. Exploitation of this vulnerability has led to significant…
-
NIST: No Silver Bullet Against Adversarial Machine Learning Attacks
January 8, 2024 at 08:36AM NIST’s report cautions on the vulnerability of AI to adversarial machine learning attacks and emphasizes the absence of foolproof defenses. It covers attack types, including evasion, poisoning, privacy, and abuse, and urges the community to develop better safeguards. Industry experts acknowledge the report’s depth and importance in understanding and mitigating…
-
How to Get Started with Security Automation: Consider the Top Use Cases within Your Industry
January 8, 2024 at 08:36AM Security professionals are prioritizing use cases such as incident response, alert triage, vulnerability management, spear phishing, and threat intelligence for technology investments. Automation adoption is driven by the need for efficiency, with top use cases varying by industry. A standardized, data-driven and extensible platform is key for successful security automation…
-
British Library: Finances remain healthy as ransomware recovery continues
January 8, 2024 at 08:26AM The British Library is disputing reports of potentially $9 million recovery costs from a 2023 ransomware attack, with final costs unconfirmed. The attack caused significant disruption, with various systems offline. The recovery process could take several months, impacting services and payments to authors. The library will issue updates on its…