CISOs looking for new IT hires already struggle with talent market shortages and bridging cybersecurity skills gaps. But now they face a growing challenge from an unexpected source: sanctions-busting North Korean software developers posing as potential hires. North Korea is actively infiltrating Western companies using skilled IT workers who use fake identities to pose as […]
Author Archives: Onsite Computing, Inc.
African nation’s proactive approach to cybersecurity comes amid a rise in painful cyberattacks including the breach of a major bank. Author: Dark Reading Staff
Originally formed as the Open Web Application Security Project and incorporated as a nonprofit charity in 2004, OWASP provides impartial advice on best practices and promotes the creation of open standards. Today, OWASP aims to help developers write better software and enable security professionals to make software more secure, recognizing that enterprise applications form the […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, known as CVE-2024-38856, carries a CVSS score of 9.8, indicating critical severity. Go […]
A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The vulnerability, tracked as CVE-2024-6386 (CVSS score: 9.9), impacts all versions of the plugin before 4.6.13, which was released on August 20, 2024. Arising due to missing input validation […]
State-sponsored Chinese hackers exploited a zero-day vulnerability in Versa Director, a software platform for managing SD-WAN infrastructure used by internet service providers (ISPs) and managed service providers (MSPs). The group, known in the security industry as Volt Typhoon, has targeted US critical infrastructure organizations in the past. “Black Lotus Labs has observed the zero-day exploitation […]
Young Consulting is sending data breach notifications to 954,177 people who had their information exposed in a BlackSuit ransomware attack on April 10, 2024. […] Author: Bill Toulas
The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors. Author: Dark Reading Staff
The U.S. Marshals Service (USMS) denies its systems were breached by the Hunters International ransomware gang after being listed as a new victim on the cybercrime group’s leak site on Monday. […] Author: Sergiu Gatlan
