CISO job turnover is continuing to drop, placing security leaders looking to gain a salary increase or leave an unfulfilling role in a difficult position. Turnover in top security roles decreased from 21% in 2022 to 12% in 2023, and further to an annualized 11% in H1 2024, limiting opportunities for compensation growth through job […]
Author Archives: Onsite Computing, Inc.
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol. The packages attempt to “gain SSH access to the victim’s machine by writing the attacker’s SSH public key in the […]
Singapore has rolled out new cybersecurity measures to safeguard AI systems against traditional threats like supply chain attacks and emerging risks such as adversarial machine learning, including data poisoning and evasion attacks. In its Guidelines and Companion Guide for Securing AI Systems, Singapore’s Cyber Security Agency (CSA) stressed that AI systems must be secure by […]
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a case of heap-overflow vulnerability in the implementation of the DCE/RPC protocol. “A malicious actor with network access to vCenter Server may […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.3), refers to a bug involving an unspecified third-party component that could […]
Russia-linked hackers have taken aim at Japan, following its ramping up of military exercises with regional allies and the increase of its defense budget. Author: Robert Lemos, Contributing Writer
Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union. […] Author: Bill Toulas
These types of “long-lived” credentials pose a risk for users across all major cloud service providers, and must meet their very timely ends, researchers say. Author: Dark Reading Staff
The networking company confirms that cyberattackers illegally accessed data belonging to some of its customers. Author: Jai Vijayan, Contributing Writer
This latest breach was through Zendesk, a customer service platform that the organization uses. Author: Dark Reading Staff
