Advertisement
Latest News
Researchers find new ICS malware toolkit designed to cause electric power outages
Mandiant recommends threat-hunting steps to detect COSMICENERGY despite no confirmed attacks in the wild.
How to check for new exploits in real time? VulnCheck has an answer
VulnCheck’s new database tracks exploits for fresh vulnerabilities in real time and allows for search using CVE IDs.
Inactive accounts pose significant account takeover security risks
Inactive accounts that haven’t been accessed for extended periods are more likely to be compromised due to password reuse and lack of multifactor authentication.
Advertisement
Microsoft links attacks on American critical infrastructure systems to China
The Chinese nation-state actor has been actively conducting espionage and information-gathering attacks on American systems since mid-2021.
Attributes of a mature cyber-threat intelligence program
Mature cyber-threat intelligence programs follow a lifecycle and provide tactical, operational, and strategic value. Many enterprise organizations aren't even close.
6 ways generative AI chatbots and LLMs can enhance cybersecurity
Generative AI chatbots and large language models can be a double-edged swords from a risk perspective, but with proper use they can also improve cybersecurity in key ways
SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups
Research shows a shift toward advanced persistent threat actors compromising smaller organization, in part to enable other attacks.
New hyperactive phishing campaign uses SuperMailer templates: Report
Network security firm Cofense was able to identify a code trace in phishing emails that revealed SuperMailer abuse in the attacks.
US sanctions four North Korean entities for global cyberattacks
North Korean hackers stole more virtual currency in 2022 than in any previous year, with estimates ranging from $630 million to over $1 billion — reportedly doubling Pyongyang’s total cybertheft proceeds in 2021.
CyberArk’s enterprise browser promises zero-trust support, policy management
The identity security vendor is set to launch an enterprise browser in response to increasing post-MFA attacks on session cookies.
Advertisement
Credential harvesting tool Legion targets additional cloud services
Threat actors now use Legion to steal AWS-specific credentials from web servers to enable email and SMS spam campaigns.
Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach
Will Joe Sullivan’s conviction for obstruction in the reporting of the 2016 Uber privacy breach send a chill through the cybersecurity profession? Sullivan tells CSOs he’s worried it just might.
Axiado releases new security processors for servers and network appliances
The new TCUs released by Axiado are built within a single SoC, with AI as added layer of security.
Teleport releases Teleport 13 with automatic vulnerability patching, enhanced DevOps security
Teleport 13 features include Transport Layer Security routing and the ability to import applications/groups from Okta and AWS OpenSearch support for secure database access.
Think security first when switching from traditional Active Directory to Azure AD
With the final release of Windows 10, the use of traditional Active Directory may be waning, and Azure AD on the rise. Here are some security concerns that need to be addressed when making the switch.
From Our Advertisers
-
Featured Sponsor IntelCompetitive Advantage with a Modern Data Center that Delivers Boundless Agility
-
Sponsored by AT&TAT&T Cybersecurity Insights Report
-
Sponsored by ZscalerThe status quo for DNS security isn’t working
-
Sponsored by CiscoStop the Sprawl: How Vendor Consolidation Can Reduce Security Risks in the