Nowadays, financial organizations rely heavily on information and communication technology (ICT) to support remote operations. While ICT enhances operational efficiency and customer experience, it significantly increases cybersecurity risks in the financial sector. To mitigate cybersecurity risks related to ICT, the European Union (EU) has developed a specific regulation: the Digital Operational Resilience Act.

A high-severity remote code execution (RCE) vulnerability, CVE-2024-6387, has been discovered in OpenSSH’s server by the Qualys research team. This vulnerability is particularly concerning as it revives an issue that was previously addressed in 2006, highlighting the persistence of hidden bugs in widely used secure software. This discovery follows another significant vulnerability in the XZ Utils library found just a few months ago, underscoring ongoing security challenges.

The quality of malicious ads has improved immensely, making it harder for users to distinguish between what’s real or fake.

For years, we as security practitioners were promised that AI and machine learning would change our lives for the better, but time and time again, the companies that touted this technology disappointed us. In the first decade or so of AI-branded security tools, we saw plenty of products that demoed well, but were completely undeployable.

For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily the good guys found it first or so it seems. This month we are taking a look at CVE-2024-38368.

Yes, your iPhone can get viruses. However, it is uncommon for iPhones to get viruses due to the nature of Apple’s iPhone Operating System (iOS). Because iPhone users are only able to download apps from the App Store, this makes it much harder for hackers to infect their devices. Having a jailbroken iPhone would make you more susceptible to getting infected with viruses because you could download unauthorized apps outside of the App Store.

While the Fourth of July is typically considered a day of celebration for those in the U.S., many don’t realize it’s also a period of heightened risk. In fact, this isn’t unique to the Fourth of July: holidays often see an uptick in cybersecurity threats. With the Fourth of July nearly upon us, let’s examine why this happens and how you can protect yourself and your business.

Zimperium's Global Mobile Threat Report found that unique mobile malware samples grew by 51% in 2022. According to Anne Neuberger, the US Deputy National Security Advisor for Cyber and Emerging Technologies, the annual average cost of cybercrime will reach over $23 trillion in 2027. The threat landscape and the cost of ignoring security are increasing. It is no longer advisable to just be reactive but proactive in maintaining the security of mobile devices.

In the last decade, outsourcing to third parties–especially in the gig economy–has taken over key functions that enterprises used to handle internally. Today’s companies are frequently virtual–using third-party services that span the likes of application development, back-office corporate functions, contract manufacturing and research, marketing, and core IT services.