Recent Security News
-
SaaS Vendor Risk Assessment in 3 Steps
November 13, 2023 at 03:04AM Software-as-a-Service (SaaS) is transforming the way businesses operate, but it also introduces security vulnerabilities. Managing SaaS vendors through vendor risk assessments is crucial for securing the supply chain. Here are three steps to assess and manage vendor-related risks in SaaS: gaining visibility into SaaS usage, assessing the security risks of…
-
Security Is a Process, Not a Tool
November 13, 2023 at 03:04AM The cybersecurity industry focuses on developing new tools to address security challenges, but the most common cause of incidents remains process errors. According to a survey, 33% of security incidents are due to process errors, and 55% of security tools are not actively managed. Process mining for cybersecurity is proposed…
-
Royal Mail cyber security still a mess, say infosec researchers
November 13, 2023 at 01:32AM The UK’s Royal Mail has been found to have an open redirect flaw on one of its websites, which potentially exposes customers to malware infections and phishing attacks. The vulnerability allows attackers to use the legitimate website to redirect users to malicious sites. The Royal Mail has been notified of…
-
Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations
November 13, 2023 at 01:06AM Chinese hacking groups have been found targeting 24 Cambodian government organizations in a long-term espionage campaign. The cyber activity is believed to align with China’s geopolitical goals and involves leveraging strong relations with Cambodia to expand naval operations in the region. The groups have been using fake cloud backup and…
-
Major Phishing-as-a-Service Syndicate ‘BulletProofLink’ Dismantled by Malaysian Authorities
November 13, 2023 at 01:06AM Malaysian law enforcement, with assistance from the Australian Federal Police and the U.S. Federal Bureau of Investigation, has shut down the phishing-as-a-service operation BulletProofLink. Eight individuals have been arrested and authorities seized servers, computers, jewelry, vehicles, and cryptocurrency wallets. BulletProofLink provided phishing templates to other actors, mimicking login pages of…