Dark Reading:
The nation amends its Cybersecurity Act, giving its primary cybersecurity agency more power to regulate critical infrastructure and third parties, and requiring cyber incidents be reported.
CVE-2024-30051, under active exploit, is the most concerning out of this month's Patch Tuesday offerings, and already being abused by several QakBot actors.
While the protocol has made passwordless authentication a reality, token-binding is key to prevent against token theft and reuse, security vendor says.
Scattered Spider is as active as ever, despite authorities claiming that they're close to nailing its members.
Key management is more complex than ever. Your choices are: Rely on your cloud provider or manage keys locally; Encrypt only the most critical data; Or encrypt everything.
Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.