Security

Security | News, how-tos, features, reviews, and videos

cso security hacker breach ransomeware gettyimages 1081349274 by sestovic 2400x1600px

Recent legal developments bode well for security researchers, but challenges remain

Security researchers gained greater federal legal protections over the past two years, but US state laws and China’s recently adopted vulnerability disclosure law pose threats.

binary code, magnifying lens, skull and crossbones

Attackers move away from Office macros to LNK files for malware delivery

Barriers that Microsoft has placed to prevent malicious macros has forced some cybercriminals to use LNK files for malware delivery, but at the cost of easier detection.

man in boat surrounded by sharks risk fear decision attack threat by peshkova getty

Chinese threat actor DragonSpark targets East Asian businesses

The group is seen using SparkRAT, a multi-platform remote access Trojan, to target firms in Hong Kong, Taiwan, China, and Singapore.

Security threat   >   One endpoint on a network has been compromised.

Timeline of the latest LastPass data breaches

Attackers apparently used data taken in an August attack on the password management firm to enable another attack in November.

military veteran cybersecurity

Veterans bring high-value, real-life experience as potential cybersecurity employees

Veterans come with a range of hard and soft skills acquired during their military service that often dovetail perfectly into a career in cybersecurity.

money currency international denominations global currency by metamorworks getty images 1129515470

P-to-P fraud most concerning cyber threat in 2023: CSI

Peer-to-peer fraud and other digital fraud constituted more than 29% of bankers categorizing it as the most worrying cyber threat in 2023, according to CSI.

security vulnerabilities such as hackers and cyberattacks

ServiceNow to detect open source security vulnerabilities with Snyk integration

ServiceNow Vulnerability Response users will now have access to Snyk’s product that scans open source code during the development process.

cloud security shield with checkmark / cloud / digital connections / cloud security expert / CASB

Skyhawk launches platform to provide threat detection and response across multi-cloud environments

Skyhawk says the Synthesis CDR platform employs machine learning aimed at eliminating alert fatigue with runtime protection of cloud infrastructure.

Many keys, one lock  >  Brute-force credential stuffing.

How passkeys are changing authentication

Well-implemented passkeys can improve the user experience and make it harder for cybercriminals to launch phishing and other attacks.

australia military shutterstock 1519594076

Australia fronts International Counter Ransomware Taskforce

The taskforce is a result of the International Counter Ransomware Initiative initially led by the US government and now counts on 37 members globally, including the European Union.

Digital fingerprints are virtually connected. [tracking / identity / genetics / data privacy]

Nvidia targets insider attacks with digital fingerprinting technology

A new AI-based system from Nvidia sniffs out unusual behavior and ties it to users, in an effort to prevent insider attacks and protect digital credentials.

Eyeglasses rest on a binary field / code review / threat assessment / check vulnerabilities

Attackers exploiting critical flaw in many Zoho ManageEngine products

The ManageEngine vulnerability is easy to exploit and enables remote code execution. Patches are available.

gavel / abstract binary lines  >  court judgment / fine / penalty / settlement

US Supreme Court leak investigation highlights weak and ineffective risk management strategy

The court’s inability to find out who leaked the draft decision and how they did it is a cautionary tale for CISOs about safeguarding sensitive information and intellectual property.

metaverse

The metaverse brings a new breed of threats to challenge privacy and security gatekeepers

If your organization isn’t already moving into the metaverse, it soon will be. Be warned: today’s security protocols and privacy laws may not apply to 3D worlds.

padlock on a background of 0s and 1s

Wallarm touts API leak protection with new scanning feature

API protection vendor Wallarm now features scanning and automated remediation for API compromises.

p1200572

T-Mobile suffers 8th data breach in less than 5 years

Customer data such as customer name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features were exposed in the breach.

Industry 4.0 / Industrial IoT / Smart Factory

Many ICS flaws remain unpatched as attacks against critical infrastructure rise

More than a third of ICS device vulnerabilities have no patch available at a time when ICS environments face threats from new cybercrime groups.

CIO | Middle East  >  Iran  >  Isfahan  >  Khaju Bridge  >  Architecture / structure / connection

Chinese hackers targeted Iranian government entities for months: Report

The networks of four Iranian government organizations including Iran’s Ministry of Foreign Affairs, have likely been compromised.

shutterstock 1808484295 board meeting security

How CISOs can manage the cybersecurity of high-level executives

C-suite executives and board members are targeted through their personal devices as cybercriminals look to penetrate corporate systems and access sensitive and proprietary information. Protecting them requires a holistic approach.

Quantum computing / security

QuSecure launches quantum-computing based security for endpoints

Quantum-based security with what’s advertised as “frictionless” deployment is now available from QuSecure.

Load More