News

Data streams through a businessman's head. / mindset / analysis / strategy / skills / knowledge

CREST partners with Immersive Labs, Hack The Box to enhance cybersecurity skills development

Cybersecurity accreditation and certification body announces two new skills development-focused partnerships as cybersecurity skills challenges continue to impact organizations.

A developer works across multiple displays showing lines of code in a dimly lit workspace.

Cloudflare Workers for Platforms aims for more programmable web

Cloudflare Workers for Platforms provides a set of tools and an API standard that would allow developers to customize any web application.

Security system alert, warning of a cyberattack.

HackerOne launches Attack Resistance Management solution to boost cyber resilience

Vulnerability coordination and bug bounty platform says its new solution addresses attack resistance gaps by blending the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement.

Tech Spotlight   >   Cybersecurity [CSO]   >   Hands gesture in conversation

Microsoft expands managed security services offerings with new program

Security Experts allows customers to tap into Microsoft pros for threat hunting, XDR, and modernization.

bank vault bank hacked breach security breach binary numbers by negative space and peshkov getty im

Cohesity launches FortKnox to protect data from ransomware attacks

The data management vendor is adding strong data isolation and recovery capabilities with its latest software-as-a-service release, FortKnox.

datacenter servers warehouse database

Lax Australian security attitudes leaving databases exposed to web compromise

Cybersecurity research group Group-IB has identified 1,550 unsecured public-facing databases in Australia, highlighting the lingering weaknesses in corporate data protection and providing a stark warning to the surprisingly large...

gavel / abstract binary lines  >  court judgment / fine / penalty / settlement

Court finds financial advisory firm failed to prevent series of cyberattacks

Australian financial advisory RI Advice has failed to prevent a series of cybersecurity breaches resulting in a breach of its financial-services license obligations “to act efficiently and fairly”, the Federal Court found.

digital identity / authentication

Apple, Google, Microsoft expand support for FIDO passwordless sign-in standard

The tech giants commit to expanded support for FIDO passwordless standard that the firms say will allow faster, easier and more secure sign-ins across leading devices and platforms.

Cloud Security

Wrongly configured Google Cloud API potentially creates dangerous functionality

Misconfiguration of the Google Cloud Platform API could create an exploitable behavior that leads to service compromise.

hybrid cloud

Dell offers data, app recovery support for multicloud assets

Dell is adding data recovery solutions to its APEX portfolio, for data centers and public clouds including Azure and AWS.

Cybercrime

Chinese APT group Mustang Panda targets European and Russian organizations

Latest campaigns by Mustang Panda highlight the threat actor's versatility in terms of the tools and techniques it is able to use.

4 .root cause exploits breach raining data binary psd

New attack surface management product takes full-stack aim at software supply chain threats

Data Theorem's Supply Chain Secure offers continuous runtime analysis and dynamic inventory discovery.

Multi-factor authentication (MFA) / two-factor authentication (2FA) / one-time security code

GitHub to mandate 2FA for all code contributors by 2023

The world’s largest development platform will require all code-contributing users to enroll in two-factor authentication by the end of 2023 to enhance software supply chain security.

CSO: Have you met these hackers? [slide 04]

Chinese APT group Winnti stole trade secrets in years-long undetected campaign

The Operation CuckooBees campaign used zero-day exploits to compromise networks and leveraged Windows' Common Log File System to avoid detection.

clicks pageviews traffic denial of service ddos attack 100613842 orig

Pro-Ukrainian DoS attack compromises Docker Engine honeypots to target Russian, Belarusian websites

CrowdStrike detects denial-of-service attack using Docker images with target lists that overlap with domains reportedly shared by the Ukraine government-backed Ukraine IT Army.

security system vulnerabilities - a grid of locks with several unlocked

TLS implementation flaws open Aruba and Avaya network switches to RCE attacks

The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.

An abstract network of nodes or endpoints.

Syxsense launches vulnerability monitoring and remediation solution

The new solution promises to address three key elements of endpoint security – vulnerabilities, patching and compliance.

abstract face / digital identity

Firms struggling with non-person identities in the cloud

Enterprises turning to cloud identity governance, cloud infrastructure entitlements management. and AI-driven investigation, behavioral detection programs to treat cloud security ailments.

Russian hammer and sickle / binary code

Russian cyberattacks against Ukraine, other targets expected to rise

Russia-backed hacking groups have wrought havoc in Ukrainian governmental and industrial systems and show signs of escalating cyberattacks on other targets including those outside of war zone, Microsoft reports.

CSO  >  Searching for vulnerabilities  >  Magnifying lens in a virtual interface idnetifies weakness

Researchers break Azure PostgreSQL database-as-a-service isolation with cross-tenant attack

Although the vulnerabilities were patched server-side, they allowed privilege escalation and authentication bypass.

Load More