News Analyses

backdoor / abstract security circuits, locks and data blocks
Security threat [illustration]  >  A hacker with black hat, mask, and crowbar breaks into a laptop.

abstract collage of money with wall street finance

16 Wall Street firms fined $1.8B for using private text apps, lying about it

The banks and brokerages were fined because employees were messaging and texting with clients without recording the communications, as required. And some of the firms' execs lied about it and deleted messages.

security audit - risk assessment - network analysis

Zoho ManageEngine flaw is actively exploited, CISA warns

Threat actors are exploiting unpatched ManageEngine instances. CISA adds the vulnerability to its catalog and Zoho urges customers to check their deployments.

Tech Spotlight   >   Analytics [CSO]   >   An image of a bottle of poison emanating binary code.

SEO poisoning campaign directs search engine visitors from multiple industries to JavaScript malware

The sophisticated campaign sends victims looking for business forms and templates to sites containing malicious files.

ransomware attack

Ransomware operators might be dropping file encryption in favor of corrupting files

Corrupting files is faster, cheaper, and less likely to be stopped by endpoint protection tools than encrypting them.

Profile photo of a developer / programmer reviewing code on monitors in his workspace.

Palo Alto adds software composition analysis to Prisma Cloud to boost open-source security

Palo Alto Networks has added a new SCA solution to Prisma Cloud to help developers safely use open-source software components. The vendor has also introduced a software bill of materials.

global meeting conference international business

International cooperation is key to fighting threat actors and cybercrime

Western intelligence and national security leaders emphasize the importance of collaborating to better prepare and respond to cybersecurity threats.

Application security  >  Software code + data protected with a lock

US OMB releases guidance on federal agency software security requirements

The guidance aims to improve the security of software federal agencies use, but expects self-attestation for compliance.

CIO | Middle East  >  Iran  >  Flag

US government indicts Iranian nationals for ransomware and other cybercrimes

The Department of Justice and FBI claim three Iranian citizens conducted a global cybercrime operation while separately the US Treasury sanctions Iran.

Cyber warfare  >  Russian missile launcher / Russian flag / binary code

Russia’s cyber future connected at the waist to Soviet military industrial complex

New research raises questions about whether Russia's cyber warefare operations are up to modern day challenges.

CSO: Have you met these hackers? [slide 04]

Iranian cyberspies use multi-persona impersonation in phishing threads

Iran-sponsored groups use fake personas of real people to add credibility to phishing emails designed to deliver malware through remote template injection.

intro cyber attack maps

U.S. government offensive cybersecurity actions tied to defensive demands

Current and former U.S. government officials explain the country's "defense forward" and offensive cybersecurity policies and their risks.

nycrr cybersecurity gavel regulation compliance law nyc statue of liberty

CISA launches incident, ransomware reporting rulemaking RFI

The U.S. Cybersecurity and Infrastructure Security Agency seeks input on a common set of cybersecurity incident reporting regulations.

trojan horse malware virus binary by v graphix getty

North Korean state-sponsored hacker group Lazarus adds new RAT to its malware toolset

Lazarus has used the new remote access Trojan in campaigns that exploit the Log4Shell vulnerability and target energy companies.

apple logo red

Apple pushes out emergency updates to address zero-day exploits

Apple has encouraged users of older mobile and desktop devices to update their software ASAP, as a vulnerability could allow an attacker to take complete control of older Apple devices.

allscripts health care ransomware bitcoin

Ragnar Locker continues trend of ransomware targeting energy sector

Ransomware gangs seem to be exploiting concerns over disruptions in the energy and other critical infrastructure sectors.

A large 'X' marks a conceptual image of a password amid hexadecimal code.

Dashlane launches integrated passkey support for password manager with new in-browser passkey solution

Dashlane's passkey support allows users to authenticate to their password vaults without a password.

networking abstract

Nvidia partners with Dell and VMware for faster AI systems

New vSphere paired with Nvidia DPUs will speed up data center performance.

binary silhouettes / data / tracking / surveillance

FTC files lawsuit against Kochava for harvesting and selling geolocation data

The lawsuit claims the data broker is putting people at risk of "stigma, stalking, discrimination, job loss, and even physical violence” through the sale of geolocation data.

Load More