News
CREST partners with Immersive Labs, Hack The Box to enhance cybersecurity skills development
Cybersecurity accreditation and certification body announces two new skills development-focused partnerships as cybersecurity skills challenges continue to impact organizations.
Cloudflare Workers for Platforms aims for more programmable web
Cloudflare Workers for Platforms provides a set of tools and an API standard that would allow developers to customize any web application.
HackerOne launches Attack Resistance Management solution to boost cyber resilience
Vulnerability coordination and bug bounty platform says its new solution addresses attack resistance gaps by blending the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement.
![Tech Spotlight > Cybersecurity [CSO] > Hands gesture in conversation](https://images.idgesg.net/images/article/2021/03/spot_cybersecurity_02_cso_hands_gestures_talking_by_rawpixel_cc0_abstract_security_by_jeff_hu_gettyimages-1221975486_hero-100879634-small.3x2.jpg?auto=webp&quality=85,70){kind=tracking}
Microsoft expands managed security services offerings with new program
Security Experts allows customers to tap into Microsoft pros for threat hunting, XDR, and modernization.
Cohesity launches FortKnox to protect data from ransomware attacks
The data management vendor is adding strong data isolation and recovery capabilities with its latest software-as-a-service release, FortKnox.
Lax Australian security attitudes leaving databases exposed to web compromise
Cybersecurity research group Group-IB has identified 1,550 unsecured public-facing databases in Australia, highlighting the lingering weaknesses in corporate data protection and providing a stark warning to the surprisingly large...
Court finds financial advisory firm failed to prevent series of cyberattacks
Australian financial advisory RI Advice has failed to prevent a series of cybersecurity breaches resulting in a breach of its financial-services license obligations “to act efficiently and fairly”, the Federal Court found.
Apple, Google, Microsoft expand support for FIDO passwordless sign-in standard
The tech giants commit to expanded support for FIDO passwordless standard that the firms say will allow faster, easier and more secure sign-ins across leading devices and platforms.
Wrongly configured Google Cloud API potentially creates dangerous functionality
Misconfiguration of the Google Cloud Platform API could create an exploitable behavior that leads to service compromise.
Dell offers data, app recovery support for multicloud assets
Dell is adding data recovery solutions to its APEX portfolio, for data centers and public clouds including Azure and AWS.
Chinese APT group Mustang Panda targets European and Russian organizations
Latest campaigns by Mustang Panda highlight the threat actor's versatility in terms of the tools and techniques it is able to use.
New attack surface management product takes full-stack aim at software supply chain threats
Data Theorem's Supply Chain Secure offers continuous runtime analysis and dynamic inventory discovery.
GitHub to mandate 2FA for all code contributors by 2023
The world’s largest development platform will require all code-contributing users to enroll in two-factor authentication by the end of 2023 to enhance software supply chain security.
![CSO: Have you met these hackers? [slide 04]](https://images.idgesg.net/images/article/2018/04/cso_ss_hacker_types_slide_04_spy_by_david_sinclair_cc0_via_unsplash__binary_code_by_gettyimages_petmal-100755728-small.3x2.jpg?auto=webp&quality=85,70)
Chinese APT group Winnti stole trade secrets in years-long undetected campaign
The Operation CuckooBees campaign used zero-day exploits to compromise networks and leveraged Windows' Common Log File System to avoid detection.
Pro-Ukrainian DoS attack compromises Docker Engine honeypots to target Russian, Belarusian websites
CrowdStrike detects denial-of-service attack using Docker images with target lists that overlap with domains reportedly shared by the Ukraine government-backed Ukraine IT Army.
TLS implementation flaws open Aruba and Avaya network switches to RCE attacks
The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.
Syxsense launches vulnerability monitoring and remediation solution
The new solution promises to address three key elements of endpoint security – vulnerabilities, patching and compliance.
Firms struggling with non-person identities in the cloud
Enterprises turning to cloud identity governance, cloud infrastructure entitlements management. and AI-driven investigation, behavioral detection programs to treat cloud security ailments.
Russian cyberattacks against Ukraine, other targets expected to rise
Russia-backed hacking groups have wrought havoc in Ukrainian governmental and industrial systems and show signs of escalating cyberattacks on other targets including those outside of war zone, Microsoft reports.
Researchers break Azure PostgreSQL database-as-a-service isolation with cross-tenant attack
Although the vulnerabilities were patched server-side, they allowed privilege escalation and authentication bypass.
Most Popular
BrandPosts
Learn more-
Sponsored by Netscout
-
Sponsored by Fortinet
-
Sponsored by Palo Alto