News Analyses

CSO > secure mergers + acquisitions / floating puzzles pieces / abstract security mechanisms

McAfee, FireEye merger yields Trellix, a unified XDR security company

USA / United States of America stars + stripes and binary code superimposed over The White House

Biden memo aims to bolster cybersecurity in national security systems

Hands are stacked together in unity and trust. [colleagues / teamwork / collaboration]

Tech sector embraces public-private collaboration on open-source software security

Participants in a White House meeting on securing open-source software expressed optimism for working effectively with government to help prevent Log4j-like events.

A conceptual security grid of locks overlays a network / datacenter / server room.

Thousands of enterprise servers are running vulnerable BMCs, researchers find

According to analysis by firmware security firm Eclypsium, 7,799 HPE iLO (HPE's Integrated Lights-Out) server baseboard management controllers (BMCs) are exposed to the internet and most do not appear to be running the latest version...

thinkstockphotos 499123970 laptop security

Microsoft touts first PCs to ship natively with secure Pluton chip

Along with thwarting malware, the Pluton chip handles BitLocker, Windows Hello, and System Guard and might help prevent physical insider attacks. The technology is also being used in Azure Sphere in the cloud.

An anonymous hooded figure is surrounded by an abstract network of avatars.

Cybercrime group Elephant Beetle lurks inside networks for months

Elephant Beetle specializes in stealing money from financial and commerce firms over an extended period of time while remaining undetected.

Cybersecurity > abstract network of circuits data and lock

CISA sees no significant harm from Log4j flaws but worries about future attacks

The U.S. cybersecurity agency can't rule out that adversaries are using Log4j to gain persistent access to launch attacks later.

a hooded figure targets a coding vulnerability

New Log4Shell-like vulnerability impacts H2 Java SQL database

Researchers warn of critical Java flaw impacting the console of the H2 Java SQL database. Users are advised to update their H2 database to mitigate remote code execution risk.

cloud security / data protection / encryption / security transition

MITRE: To test and gain confidence in MSSPs, use ATT&CK framework

Companies have greater confidence in their own security teams than in MSSPs, according to a new survey. To better evaluate service provider capabilities, companies can apply techniques used by the ATT&CK (adversarial tactics,...

rules rulebook law compliance regulation by baloon111 getty

FTC, SEC raise legal risks surrounding the log4j flaw

The U.S. Federal Trade Commission also threatened possible legal action for companies that don't address the risk from the Log4j vulnerabilities.

Gears in the form of a cloud in a binary field > Cloud controls

UK NCSC updates Cyber Essentials technical controls requirements and pricing structure

Technical controls update includes revisions surrounding the use of cloud services, multi-factor authentication, and password management. New pricing structure better reflects organisational size and complexity.

A stressed businessman with head in hand sits at a desk and computer in an office workspace.

Security leaders on how to cope with stress of Log4j

The Log4j vulnerability puts great pressure on security teams already stretched thin dealing with ransomware and other attacks. This advice will help them cope.

tt21 052 thumb
video

What is the NIST Cybersecurity Framework? How risk management strategies can mitigate cyberattacks

Recently, U.S. Cyber Command confirmed it has acted against ransomware groups, underscoring the importance of cybersecurity to national security. Effective risk management frameworks, such as the NIST Cybersecurity Framework, can help...

Skull-and-crossbones, code and the 'stop' gesture: hand held forward, palm out, fingers pointing up

Second Log4j vulnerability carries denial-of-service threat, new patch available

The fallout from the Apache Log4j vulnerability continues as researchers discover a second exploit that could lead to denial-of-service attacks. A patch is available to fix the issue.

cso security hacker breach privacy ransomware malware attack gettyimages 1216075693 by towfiqu aham

Survey: Hackers approach staff to assist in ransomware attacks

Cyberattackers have approached employees in 48% of organizations in North America to assist in ransomware attacks, according to a report by Pulse and Hitachi ID.

Security system alert, warning of a cyberattack.

Cybereason, Google Cloud launch XDR solution to streamline threat detection and response

New joint solution enhances ability to predict, detect, and respond to cyberattacks at scale across endpoints, networks, identities, cloud, and workspaces.

USA / United States of America stars + stripes and binary code superimposed over The White House

NIST gears up for software security and IoT labeling pilot programs

Intended to help consumer make more secure software and IoT device purchases, the labeling guidelines are voluntary and self-policing at this time.

wireless security vulnerability

Researchers warn about continuous abuse of unpatched MikroTik routers

Attackers are still exploiting unaddressed vulnerabilities in an estimated 300,000 MikroTik routers. A new tool will detect compromised devices.

CSO > Botnet > Robots amid a blue binary matrix

Google disrupts major malware distribution network Glupteba

The botnet take-down is believed to be temporary as the criminal group has a backup command-and-control mechanism based on Bitcoin blockchain.

maze labrynth endpoint protection easy access bypass by gremlin getty

Critical flaw in ManageEngine Desktop Central MSP tool exploited in the wild

Each of two flaws allow attackers to bypass authentication, leaving customers of MSPs that use ManageEngine at risk. Patches are available.

Load More