October 13, 2023 at 10:57AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shared new details about vulnerabilities exploited by ransomware groups in order to help critical infrastructure organizations defend against attacks. Through its Ransomware Vulnerability Warning Pilot program, CISA has identified over 800 vulnerable systems frequently targeted by ransomware operations. CISA has also … Read more
October 12, 2023 at 06:26AM Researchers at Approov have discovered that encryption, authentication, and signing keys are frequently exposed in mobile fintech apps used in Africa. The study found that when the top 10 revenue and download-generating apps were reverse-engineered, passwords, API keys, and private keys for cryptography were exposed. The researchers also identified that … Read more
October 11, 2023 at 08:54AM Password reuse is a significant security risk for organizations, as it makes it easier for cybercriminals to access sensitive data and deploy ransomware. Many organizations lack a comprehensive system to prevent password reuse, relying on multi-factor authentication which can still be bypassed. Specops Password Policy offers a solution by enforcing … Read more
October 9, 2023 at 04:11PM Proof-of-concept (PoC) exploits for the critical buffer overflow vulnerability in the GNU C Library (glibc) have been developed, putting Linux systems at risk. The flaw, disclosed by Qualys researchers, could lead to unauthorized data access and system alterations, potentially granting attackers root privileges. Linux root takeovers are highly dangerous as … Read more