Recent legal developments bode well for security researchers, but challenges remain

9 API security tools on the frontlines of cybersecurity

Chinese threat actor DragonSpark targets East Asian businesses

Advertisement

More top stories
Patch + update options > Pixelized tools + refresh symbol with branching paths

9 API security tools on the frontlines of cybersecurity

Top API security tools can help hold the line against modern threats to the important and ubiquitous software development interfaces.

cso security hacker breach ransomeware gettyimages 1081349274 by sestovic 2400x1600px

Recent legal developments bode well for security researchers, but challenges remain

Security researchers gained greater federal legal protections over the past two years, but US state laws and China’s recently adopted vulnerability disclosure law pose threats.

binary code, magnifying lens, skull and crossbones

Attackers move away from Office macros to LNK files for malware delivery

Barriers that Microsoft has placed to prevent malicious macros has forced some cybercriminals to use LNK files for malware delivery, but at the cost of easier detection.

Advertisement

man in boat surrounded by sharks risk fear decision attack threat by peshkova getty

Chinese threat actor DragonSpark targets East Asian businesses

The group is seen using SparkRAT, a multi-platform remote access Trojan, to target firms in Hong Kong, Taiwan, China, and Singapore.

Security threat > One endpoint on a network has been compromised.

Timeline of the latest LastPass data breaches

Attackers apparently used data taken in an August attack on the password management firm to enable another attack in November.

military veteran cybersecurity

Veterans bring high-value, real-life experience as potential cybersecurity employees

Veterans come with a range of hard and soft skills acquired during their military service that often dovetail perfectly into a career in cybersecurity.

recovery gauge [disaster recovery - crisis survival - business continuity]

CYGNVS exits stealth, trumpeting its cyberattack recovery platform

CYGNVS platform promises a playbook, out-of-band connectivity, and more to help organizations recovery from major cyberattacks.

money currency international denominations global currency by metamorworks getty images 1129515470

P-to-P fraud most concerning cyber threat in 2023: CSI

Peer-to-peer fraud and other digital fraud constituted more than 29% of bankers categorizing it as the most worrying cyber threat in 2023, according to CSI.

security vulnerabilities such as hackers and cyberattacks

ServiceNow to detect open source security vulnerabilities with Snyk integration

ServiceNow Vulnerability Response users will now have access to Snyk’s product that scans open source code during the development process.

cloud security shield with checkmark / cloud / digital connections / cloud security expert / CASB

Skyhawk launches platform to provide threat detection and response across multi-cloud environments

Skyhawk says the Synthesis CDR platform employs machine learning aimed at eliminating alert fatigue with runtime protection of cloud infrastructure.

Advertisement

Many keys, one lock > Brute-force credential stuffing.

How passkeys are changing authentication

Well-implemented passkeys can improve the user experience and make it harder for cybercriminals to launch phishing and other attacks.

australia military shutterstock 1519594076

Australia fronts International Counter Ransomware Taskforce

The taskforce is a result of the International Counter Ransomware Initiative initially led by the US government and now counts on 37 members globally, including the European Union.

Digital fingerprints are virtually connected. [tracking / identity / genetics / data privacy]

Nvidia targets insider attacks with digital fingerprinting technology

A new AI-based system from Nvidia sniffs out unusual behavior and ties it to users, in an effort to prevent insider attacks and protect digital credentials.

Eyeglasses rest on a binary field / code review / threat assessment / check vulnerabilities

Attackers exploiting critical flaw in many Zoho ManageEngine products

The ManageEngine vulnerability is easy to exploit and enables remote code execution. Patches are available.

gavel / abstract binary lines > court judgment / fine / penalty / settlement

US Supreme Court leak investigation highlights weak and ineffective risk management strategy

The court’s inability to find out who leaked the draft decision and how they did it is a cautionary tale for CISOs about safeguarding sensitive information and intellectual property.

From Our Advertisers
CIO 100 Awards Don't sit on the sidelines when you could be crowned a CIO 100 winner. Entry Deadline: January 17, 2023