The targeted operation utilized CVE-2017-8570 as the initial vector and employed a notable custom loader for Cobalt Strike, yet attribution to any known threat actor remains elusive.

Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.

A report found more than 40 million exposures are impacting 11.5 million critical business entities, with more than half related to cloud platforms.

The post Identity, Credential Misconfigurations Open Worrying Security Gaps appeared first on Security Boulevard.

The centralized system helps organizations identify, track, and reduce risks, addressing the challenges of incomplete risk visibility and manual processes.

The post Critical Risk Launches Critical Start Cyber Risk Register  appeared first on Security Boulevard.

No degree? No problem. The federal government and private industry leaders are coordinating to prioritize skills-based hiring to shore up the nation's cybersecurity workforce.

The post White House Cybersecurity Workforce Initiative Backed by Tech Titans appeared first on Security Boulevard.

AI is rapidly increasing the pace of API creation within organizations, leading to API security becoming as significant as traditional application security.

Here’s what you can learn from the top five API breaches of the last quarter.

The post API Vulnerabilities Found Across AI Infrastructure Projects at NVIDIA, Mercedes appeared first on Security Boulevard.

Stagnating security budgets and mounting job pressures are weighing on CISOs, a quarter of whom expressed discontent with their salary and overall compensation.

Show me the money: The average total compensation for tech CISOs stands at $710,000.

The post One in Four Tech CISOs Unhappy with Compensation appeared first on Security Boulevard.

A GAO review of NASA projects found that, while some cybersecurity challenges have been addressed, many security policies and standards remain optional.

The post NASA Must Improve Spacecraft Cybersecurity, GAO Report Finds appeared first on Security Boulevard.

The attack cut off access to electronic healthcare records (EHRs) and ordering systems, plunging the organization and its health services into chaos.

Bad actors are always ready to exploit political strife to their own ends. Right now, they’re doing so with the conflict in the Middle East. A holistic defense against influence networks requires collaboration between government, technology companies and security research organizations.

The post Emerald Divide Uses GenAI to Exploit Social, Political Divisions in Israel Using Disinformation appeared first on Security Boulevard.

Modern CISOs have a new task cut out for them: determining how to navigate AI as both challenge and opportunity.

The post CISOs Reconsider Their Roles in Response to GenAI Integration appeared first on Security Boulevard.

New account passwords, often used during onboarding, are vulnerable to sophisticated attacks from malicious actors.

Good idea to check: What’s your company using?

The post Easily Guessed Passwords for New Accounts Include “User”, “Temp”, “Welcome” appeared first on Security Boulevard.

VFCFinder analyzes commit histories to pinpoint the most likely commits associated with vulnerability fixes.

The post VFCFinder Highlights Security Patches in Open Source Software appeared first on Security Boulevard.

Overall ransomware frequency grew by 64% in 2023, with increases in both direct and indirect ransomware. Victims paid $282,000 in ransom on average, a 77% drop in price, and half the companies avoided paying a ransom completely.

The post Ransomware Attacks Evolve as Average Ransom Demand Tops $1.26 Million appeared first on Security Boulevard.