Cloud Security Alliance Releases Top‌ ‌Threats‌ ‌to‌ ‌Cloud‌ ‌Computing 2024 Report

Results highlight growing trust in the cloud as traditional cloud security concerns lessen in importanceSEATTLE and Black Hat Conference (Las Vegas) – Aug. 6, 2024 – Traditional cloud security issues often associated with cloud service providers (CSPs) are continuing to decrease in importance, according to the Top Threats to Cloud Computing 2024 report — the […]

Suspicious Minds: Insider Threats in The SaaS World

Everyone loves the double-agent plot twist in a spy movie, but it’s a different story when it comes to securing company data. Whether intentional or unintentional, insider threats are a legitimate concern. According to CSA research, 26% of companies who reported a SaaS security incident were struck by an insider.  The challenge for many is […]

North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry

The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns. The packages in question, harthat-api and harthat-hash, were published on July 7, 2024, according to Datadog Security Labs. Both the […]

Imagine GRC in 2030: a Q&A with RegScale’s Travis Howerton

Originally published by RegScale.Digital transformation, a raft of new state and federal regulations, and the exponential pace of change are quickly disrupting governance, risk, and compliance (GRC) processes for organizations and the CISOs who manage them. Big changes are ahead leading up to the year 2030 and beyond. We sat down with RegScale’s Co-Founder and […]

New Android Spyware LianSpy Evades Detection Using Yandex Cloud

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control (C2) communications as a way to avoid having a dedicated infrastructure and evade […]

Google Patches New Android Kernel Vulnerability Exploited in the Wild

Google has addressed a high-severity security flaw impacting the Android kernel that it has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. “There are indications that CVE-2024-36971 may be under limited, targeted exploitation,” the tech giant noted in its […]

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve remote code execution on affected instances. Tracked as CVE-2024-38856, the flaw has a CVSS score of 9.8 out of a maximum of 10.0. It affects Apache OFBiz […]