News
Critical flaw in Atlassian Confluence actively exploited
The remote code execution vulnerability was recently patched for affected versions of Atlassian Confluence Server and Data Center; users are advised to apply the patch or upgrade.
Cosmos DB users advised to regenerate their keys following serious vulnerability
The Azure vulnerability, which affects only those using the Jupyter Notebook feature, gives attackers access to data in databases.
LockFile ransomware uses intermittent encryption to evade detection
This newly discovered ransomware works fast, has multiple ways to avoid detection, and preys on Windows systems with known vulnerabilities.
China's PIPL privacy law imposes new data handling requirements
The Personal Information Protection Law will force global companies doing business in China to be more careful with cross-border flow of personal information.
Security blind spots persist as companies cross-breed security with devops
As devops matures into devsecops, cultural obstacles continue to exert drag.
OnePercent ransomware group hits companies via IceID banking Trojan
This new, aggressive ransomware group also uses Cobalt Strike to move laterally across the network.
4 most dangerous emerging ransomware threat groups to watch
New research identifies four emerging ransomware groups currently affecting organizations and that show signs of becoming bigger threats in the future.
New CSO appointments in India
An updated list of newly-appointed chief information security officers at organizations across India.
Amazon Sidewalk highlights network security visibility risks consumer services pose
Research warns consumer-grade services can undermine risk assessment of corporate networks amid remote working as Houdini malware spoofs devices to exfiltrate data.
IoT devices have serious security deficiencies due to bad random number generation
It's not the IoT vendors' fault. Lack of a cryptographically secure pseudo-random number generator subsystem for the internet of things devices will be vulnerable.
Wave of native IIS malware hits Windows servers
IIS malware presents diverse, persistent, and growing threats from old and new threat actors.
Apple plan to scan users’ iCloud photos raises new fears of government-mandated data access
Experts argue that Apple is clearing a path for governments to gain access to their citizens' data--essentially an encryption backdoor.
NSA, CISA release Kubernetes hardening guidance following Colonial Pipeline, other attacks
The guidance seeks to educate IT administrators about cloud security risks and best practices for implementing and maintaining Kubernetes.
Serious flaws in widespread embedded TCP/IP stack endanger industrial control devices
Critical vulnerabilities potentially affect millions of devices, but finding and patching them will be difficult.
Basic flaws put pneumatic tube transport systems in hospitals at risk
Multiple vulnerabilities could allow persistent take-over and ransom demands by attackers.
![Praying mantis among green leaves [camouflage/stealth]](https://images.idgesg.net/images/article/2019/02/camouflage_stealth_praying_mantis_among_green_leaves_by_david_clode_cc0_via_unsplash_2400x1600-100788546-small.3x2.jpg?auto=webp)
APT group hits IIS web servers with deserialization flaws and memory-resident malware
Praying Mantis group is likely a nation-state actor that uses custom malware and is adept at avoiding detection.
Why code reuse is still a security nightmare
Despite best efforts to track software dependencies, blind spots still exist leading to silent vulnerabilities in software.
![Tech Spotlight > Cloud [CSO] > Conceptual image of laptop users with cloud security overlay.](https://images.idgesg.net/images/article/2021/06/spot_cloud_3x2_03_cso_laptop_users_with_ccloud_security_overlay__by_metamorworks_gettyimages-1132912672_b-100891925-medium.3x2.jpg?auto=webp)