A vulnerability in abandoned Python open source repository projects could allow over 20,000 packages of code to be hijacked to spread malware in supply chain attacks. The warning for developers to be careful using the Python Package Index comes from researchers at JFrog, who discovered a vulnerability in PyPI’s ability to allow contributors to remove […]
Author Archives: Onsite Computing, Inc.
In recent years, the platform has become a go-to tool for executing almost all conceivable cybercriminal activity. Author: Jai Vijayan, Contributing Writer
A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations. It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing PyPI packages and result […]
Human-centered cybersecurity (also known as ‘usable security’) involves the social, organizational, and technological influences on people’s understanding of and interactions with cybersecurity. By taking a human-centered cybersecurity (HCC) approach, we can both improve people’s cybersecurity experiences and achieve better cybersecurity outcomes, which is so important in today’s digitally interconnected world. At NIST, we understand the […]
Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, “Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them” […]
Human error remains a significant risk for organizations when it comes to cyber threats. In fact, according to Proofpoint’s 2024 Voice of the CISO report, 74% of CISOs view human error as their organization’s biggest cyber vulnerability. However, 86% of CISOs believe employees understand their role in protecting the organization, which gives them hope for […]
Author: Jennifer Lawinski, Contributing Writer
Security professionals understand that certifications matter. Apart from a technical exam, there is no quicker way to gauge a person’s ability than to examine their certifications. Despite this fact, security professionals tend to put off their own credentialing, consumed with the day-to-day work of their role. The latest data from Foote Partners may provide you […]
The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) against facial recognition firm Clearview AI for violating the General Data Protection Regulation (GDPR) in the European Union (E.U.) by building an “illegal database with billions of photos of faces,” including those of Dutch citizens. “Facial recognition is a […]
Security professionals have good insights into the technical tactics, techniques, and procedures (TTPs) that threat actors use to launch cyberattacks. They are likewise well-versed in key defensive strategies, such as prioritizing patching based on risk and implementing a zero-trust approach. But the world of enterprise security collectively seems to remain one step behind the hackers, […]
