News

Cyber insurance  >  Umbrella hub protecting connected devices + online activities in binary world.
API security alert / software development / application flow chart diagram

certificate / gold seal certification

(ISC)2 pilots new entry-level cybersecurity certification to tackle workforce shortages

New certification aims to validate knowledge of foundational cybersecurity concepts and best practices to address skills gap. Is another cybersecurity qualification the answer?

vulnerable breach cyberattack hacker

How shape-shifting threat actors complicate attack attribution

Researchers explain how they identified—or failed to identify—the threat actors behind three high-profile incidents and why attribution is so difficult.

A laptop displays binary code and the flag of China.

Chinese APT group IronHusky exploits zero-day Windows Server privilege escalation

The attackers used the exploit to deploy a new remote shell Trojan called MysterySnail.

Team members with laptop and mobile phone are superimposed with abstract statistics, data and charts

Google forms Cybersecurity Action Team to support customer security transformation

Google’s initiative will offer security and compliance services to guide governments, critical infrastructure, enterprises, and small businesses through digital transformation.

network security / network traffic scanning

AT&T launches managed XDR suite to provide endpoint-to-cloud security

AT&T is combining security tools including its threat intelligence and detection platform USM Anywhere with endpoint and network security services from partners to roll out a cloud-based, managed XDR platform for end-to-end detection...

vulnerable breach cyberattack hacker

October is high season for cyberattacks, Infosec Institute study shows

A study by Infosec Institute indicates that there has been an exponential increase in cyberattacks globally in the last five years, and a major part of it happened in the month of October each year as attackers apparently exploit...

Fragmented image of a Boeing 787 airplane represented in encrypted data.

TSA to issue cybersecurity requirements for US rail, aviation sectors

New rules include reporting incidents to CISA and naming cybersecurity leads, but experts and industry representatives cite lack of input.

trojan horse malware virus binary by v graphix getty

Iranian APT targets aerospace and telecom firms with stealthy ShellClient Trojan

The MalKamak group has been running its Operation GhostShell campaign for at least three years unnoticed.

Identity access management  >  abstract network connections and circuits reflected in eye

One Identity acquires OneLogin in bid to offer consolidated IAM suite

In a move to offer its customers a consolidated suite of security applications, One Identity has acquired OneLogin, an IAM (identity and access management) provider, adding to its own set of PAM (privileged access management, IGA...

endpoint security hacker vulnerablility secure mobile security app

FCC asks carriers to step up to stop SIM swapping, port-out fraud

The US federal agency puts pressure on telecom carriers to put better authentication, account protection safeguards in place.

Security system alert, warning of a cyberattack.

Why today’s cybersecurity threats are more dangerous

Greater complexity and interdependence among systems gives attackers more opportunity for widespread, global damage, say government and industry experts.

compliance compliant regulation rules stamp gdpr

Telos, Splunk, and StackArmor streamline ATO compliance on AWS

The FASTTR initiative from the three cloud and security companies aims to help regulated defense contractors and software providers navigate through complex government security regulations including FedRAMP, CMMC, FISMA, and...

Conceptual image of a network of executives / silhouettes of executives in motion.

New US CISO appointments, September 2021

Keep up with news of CSO, CISO, and other senior security executive appointments.

backdoor / abstract security circuits, locks and data blocks

APT29 targets Active Directory Federation Services with stealthy backdoor

The FoggyWeb post-exploitation backdoor is persistent and steals configuration databases and security token certificates.

botnet

Cybercriminals bypass 2FA and OTP with robocalling and Telegram bots

The automated bots are highly successful because they effectively emulate legitimate service providers.

cybersecurity ts

MITRE ATT&CK, VERIS frameworks integrate for better incident insights

The MITRE ATT&CK/VERIS collaboration aims to create a common dictionary for communicating information about security incidents.

cso security hack breach water leak gettyimages 466029458 by firmafotografen 2400x1600px

Exchange Autodiscover feature can cause Outlook to leak credentials

A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers. Here’s what companies can do now to...

Ransomware  >  An encrypted system, held ransom with lock + chain, displays a dollar sign.

US cryptocurrency exchange sanctions over ransomware likely not the last

The sanctions are aimed to cut ransomware gangs off from their revenue. Advisory on sanctions risks regarding ransomware payments also updated.

Load More