Featured news analysis Attackers breach US government agencies through ColdFusion flaw Both incidents targeted outdated and unpatched ColdFusion servers and exploited a known vulnerability. Dec 06, 2023 5 mins Advanced Persistent Threats Advanced Persistent Threats Advanced Persistent Threats news analysis Cisco unveils AI-powered assistants to level up security defenses Dec 05, 2023 5 mins Encryption Cloud Security news analysis Russia's Fancy Bear launches mass credential collection campaigns Dec 05, 2023 5 mins Advanced Persistent Threats Critical Infrastructure Vulnerabilities Articlesnews analysisDeepfakes emerge as a top security threat ahead of the 2024 US electionAs the US enters a critical election year, AI-generated threats, particularly deepfakes, are emerging as a top security issue, with no reliable tools yet in place to combat them.By Cynthia Brumfield Dec 05, 2023 7 minsElection HackingGovernmentSecurity Practicesnews analysisP2Pinfect Redis worm targets IoT with version for MIPS devicesNew versions of the worm include some novel approaches to infecting routers and internet-of-things devices, according to a report by Cado Security.By Lucian Constantin Dec 04, 2023 5 minsBotnetsHacker GroupsSecurity Practicesnews analysisAttackers could abuse Google's SSO integration with Windows for lateral movementCompromised Windows systems can enable attackers to gain access to Google Workspace and Google Cloud by stealing access tokens and plaintext passwords.By Lucian Constantin Nov 30, 2023 8 minsMulti-factor AuthenticationSingle Sign-onRemote Access Securitynews analysisAustralia’s cybersecurity strategy focuses on protecting small businesses and critical infrastructureThe Australian federal government released the 2023-2030 cybersecurity strategy, which focuses on protecting households and small businesses and has big expectations from telecommunications providers.By Samira Sarraf Nov 21, 2023 8 minsSmall and Medium BusinessGovernmentCritical Infrastructurenews analysisAT&T’s mysterious MSSP spinoff could have upsides for its security consulting businessAT&T is spinning off part of its cybersecurity business, joining a venture firm to create a new managed security services provider (MSSP) entity, for faster growth.By Jon Gold Nov 21, 2023 3 minsManaged Service ProvidersNetwork Securitynews analysisRansomware gang files SEC complaint against company that refused to negotiateNew US Securities and Exchange Commission rules require reporting of breaches that are material, giving cyber extortionists a new tactic to coerce payments.By Lucian Constantin Nov 17, 2023 4 minsRansomwareComplianceCybercrimenews analysisCloud Security Alliance announces new zero-trust security credentialThe first authoritative certificate aims to set standards and promote best practices for hot security technology.By John P. Mello Jr. Nov 17, 2023 4 minsZero TrustCertificationsCareersnews analysisPalestine-aligned cyberespionage actor shifts infection chain tacticsThe highly targeted spear-phishing campaign uses Microsoft PowerPoint add-in and XLL, RAR attachments to deliver malware. By Lucian Constantin Nov 16, 2023 4 minsAdvanced Persistent ThreatsPhishingCyberattacksnews analysisIntel patches high-severity CPU privilege escalation flawThe Reptar vulnerability affects Intel processors with the new fast short repeat move (FSRM) feature.By Lucian Constantin Nov 15, 2023 4 minsVulnerabilitiesnews analysisMisconfigured Docker API endpoints allow attackers to deliver DDoS botnet agentA malicious OracleIV image has been downloaded more than 3,000 times from Docker Hub.By Lucian Constantin Nov 14, 2023 4 minsDDoSCyberattacksnews analysisChina, Ukraine, and Israel in the cyberwar spotlight as tensions riseWith active kinetic wars in two major global arenas and fears that China is stealthily infiltrating critical infrastructure for future cyber disruption, experts at this year’s Cyberwarcon painted a picture of the growing harm that malicious cyber tools can wreak.By Cynthia Brumfield Nov 13, 2023 8 minsAdvanced Persistent ThreatsCyberattacksCritical Infrastructurenews analysisIranian APT group launches destructive attacks against Israeli organizationsThe Agonizing Serpens group seeks to steal sensitive information and then wipe systems.By Lucian Constantin Nov 09, 2023 6 minsAdvanced Persistent ThreatsCyberattacks Show more Show less Show me morePopularArticlesPodcastsVideos news BSIMM 14 finds rapid growth in automated security technology By John P. Mello Jr. Dec 06, 20234 mins Application SecurityNetwork Security news Almost 50% of organizations plan to reduce cybersecurity headcounts: Survey By Gagandeep Kaur Dec 06, 20234 mins IT JobsSecurity Practices feature 20 years of Patch Tuesday: it’s time to look outside the Windows when fixing vulnerabilities By Susan Bradley Dec 06, 20236 mins Patch Management SoftwareThreat and Vulnerability ManagementWindows Security podcast CSO Executive Sessions Australia with Sunil Sale, CISO at MinterEllison Nov 20, 202315 mins CSO and CISO podcast CSO Executive Sessions Australia with Robbie Whittome, CISO at Curtin University Oct 16, 202315 mins CSO and CISO podcast CSO Executive Sessions / ASEAN: Cisco's Anthony Grieco on opportunities in Southeast Asia's cybersecurity landscape Oct 10, 202316 mins CSO and CISO video CSO Executive Sessions Australia with Sunil Sale, CISO at MinterEllison Nov 20, 202315 mins CSO and CISO video AI and Cybersecurity: Speed Bumps, Training, and Communication Nov 06, 202317 mins CyberattacksGenerative AI video CSO Executive Sessions Australia with Robbie Whittome Oct 16, 202315 mins CSO and CISO