A failure to imagine — and prepare for — threats to outer space-related assets could be a huge mistake at a time when nation-states and private companies are rushing to deploy devices in a frantic new space race.
A threat actor has accessed data belonging to at least 165 organizations using valid credentials to their Snowflake accounts, thanks to no MFA and poor password hygiene.
MFA and other mechanisms are critical to protect against unauthorized access to data in cloud application environments, but businesses still fall down on the job.
It's unclear whether a dataset for sale on the site allegedly containing data from more than 500 million Ticketmaster users is real or just law enforcement bait.
The severe security vulnerability (CVE-2024-4701, CVSS 9.9) gives remote attackers a way to burrow into Netflix's Genie open source platform, which is a treasure trove of information and connections to other internal services.
While the protocol has made passwordless authentication a reality, token-binding is key to preventing token theft and reuse, security vendor says.
Researchers recently spotted the Spanish-speaking threat actor — with nearly 400 previous victims under its belt — in a new campaign in Latin America and Central Africa.
Though Olympics officials appear to have better secured their digital footprint than other major sporting events have, significant risks remain for the Paris Games.
Microsoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have more than 500 million installations each; and one, Xiaomi's File Manager, has at least 1 billion installations.
The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files.
The business intelligence servers contain vulnerabilities that Qlik patched last year, but which Cactus actors have been exploiting since November. Swathes of organizations have not yet been patched.
Eight out of nine apps that people use to input Chinese characters into mobile devices have weaknesses that allow a passive eavesdropper to collect keystroke data.
Unlike the SolarWinds and CodeCov incidents, all that it took for an adversary to nearly pull off a massive supply chain attack was some slick social engineering and a string of pressure emails.