News Analyses

programmer certification skills code devops glasses student by kevin unsplash

SolarWinds creates new software build system in wake of Sunburst attack

Cyber warfare > Russian missile launcher / Russian flag / binary code

Microsoft's Defending Ukraine report offers fresh details on digital conflict and disinformation

ransomware breach hackers dark web

5 years after NotPetya: Lessons learned

NotPetya vastly broadened the scope of damage that malware attacks could do and forced CISOs and security researchers to rethink their approach.

A hand controls a small marionette. [control / manipulation / social engineering]

5 social engineering assumptions that are wrong

Cybercriminals continue to launch creative social engineering attacks to trick users. Meanwhile, social engineering misconceptions are exacerbating the risks of falling victim.

A binary eye sits within the center of a targeted virtual framework.

U.S. data privacy and security solutions emerging at the federal level

The American Data Privacy and Protection Act bill faces a tough battle for passage, but the Biden administration is considering actions of its own.

Industry 4.0 / Industrial IoT / Smart Factory / Tablet control of robotics automation.

Dozens of insecure-by-design flaws found in OT products

The OT:ICEFALL report shows that makers of operational technology manufacturers have to improve the security of their devices.

A multitude of arrows pierce a target. [numerous attacks / quantity / severity]

APT actor ToddyCat hits government and military targets in Europe and Asia

The previously undocumented APT group has been targeting high-profile organizations in Asia and Europe for over a year.

1 network internet connected grid earth power satellite view

Space-based assets aren’t immune to cyberattacks

Russia's attack on Viasat satellites exposed how vulnerable space-based assets are and the potential for spillover damage.

Computerworld > Microsoft OneDrive / Microsoft SharePoint

Ransomware could target OneDrive and SharePoint files by abusing versioning configurations

A proof-of-concept exploit could make Office 365 or Microsoft 365 documents stored on OneDrive or SharePoint inaccessible.

CSO > Botnet > Robots amid a blue binary matrix

New peer-to-peer botnet Panchan hijacks Linux servers

The botnet built by the platform-independent worm malware currently enables cryptomining.

CSO > ransomware / security threat

Ransomware attacks are increasing with more dangerous hybrids ahead

The re-emergence of REvil and anticipated convergence with business email compromise actors are among reasons why ransomware gangs are still dangerous.

artificial intelligence brain machine learning digital transformation world networking

Congressional hearings focus on AI, machine learning challenges in cybersecurity

Talent shortages and ensuring that AI and machine learning systems are trustworthy are among the biggest concerns explained to the U.S. Congress.

2 linux malware scarier

Hackers using stealthy Linux backdoor Symbiote to steal credentials

Symbiote is deployed as a shared object that can inject itself into existing processes, making it difficult to detect.

programmer certification skills code devops glasses student by kevin unsplash

Software supply chain security fixes gain prominence at RSA

Attendees are urged to improve asset management, use SBOMs, and collaborate with government cybersecurity agencies to better ensure software integrity.

Cybersecurity

RSA: Intel reference design to accelerate SASE, other security tasks

Intel says its reference design will enable accelerator cards to offload security processing from server CPUs without requiring more rack space.

zeroday software bug skull and crossbones security flaw exploited danger vulnerabilities by gwengoa

Zero-day flaw in Atlassian Confluence exploited in the wild since May

Atlassian has issued emergency patches for the vulnerability, which could allow attackers to perform remote code execution.

United States Capitol building / United States Congress / abstract security concept

U.S. cybersecurity congressional outlook for the rest of 2022

The U.S. federal government has enacted important cybersecurity laws in 2022 and will likely move forward with many of these bills before the year's end.

Tech Spotlight > Cloud [CSO] > Conceptual image of laptop users with cloud security overlay.

RSA: Cisco launches SASE, offers roadmap for other cloud-based services

New Cisco services aim to simplify security operations with new as-a-service offerings.

A firmware message appears on a circuit board.

Cybercriminals look to exploit Intel ME vulnerabilities for highly persistent implants

Leaked Conti information show the ransomware gang likely completed a proof of concept to exploit Intel ME and rewrite its firmware.

locked data / bitcoins

Ransomware roundup: System-locking malware dominates headlines

From a new ransomware group that demands donations instead of cryptocurrency to the possible resurgence of an infamous gang, these are the stories that caught the attention of infosec pros.

Load More