ENISA: Software vulnerability prevention initiatives
The European Network and Information Security Agency, ENISA, has compiled a list of existing initiatives focused on finding and preventing software vulnerabilities.
Similar Posts
China Protests US Sanctions for Its Alleged Role in Hacking, Complains of Foreign Hacker Attacks
Bys sChina has slammed a decision by the US Treasury to sanction a Beijing-based cybersecurity company for its alleged role in multiple hacking incidents targeting critical infrastructure. The post China Protests US Sanctions for Its Alleged Role in Hacking, Complains of Foreign Hacker Attacks appeared first on SecurityWeek.
Pen Testing for Compliance Only? It’s Time to Change Your Approach
Bys sImagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before being finally detected. This situation isn’t theoretical: it
Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack
Bys sUsers who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts. The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month. Targets of…
Marks & Spencer breach linked to Scattered Spider ransomware attack
Bys sLawrence Abrams reports that multiple sources inform them that the outages at UK retail giant Marks & Spencer are the result of a ransomware attack by the group known as “Scattered Spider.” Last Tuesday, M&S confirmed it suffered a cyberattack that caused widespread disruption, including to its contactless payment system and online ordering. Today, Sky News reported that the disruption continues,…
Shifting the sands of RansomHub’s EDRKillShifter
Bys sJakub Souček and Jan Holman report: The RansomHub ransomware-as-a-service (RaaS) operation affiliates were linked to established gangs Medusa, BianLian, and Play, which share the use of RansomHub’s custom-developed EDRKillShifter. ESET researchers take a look back at the significant changes in the ransomware ecosystem in 2024 and focus on the newly emerged and currently dominating ransomware-as-a-service…
Armenia probes alleged sale of 8 million government records on hacker forum
Bys sDaryna Antoniuk reports: Hackers are offering for sale what they claim is a large trove of Armenian government-related data, prompting officials in Yerevan to open an investigation into a potential breach. The alleged seller, using the alias dk0m, said it gained access to a government notification system used to distribute official communications, including legal and administrative notices…….