News

ransomware attack
Election security / vulnerabilities / United States flag overlays voting ballot and unsecured lock

metadefender kiosk k2100

OPSWAT mobile hardware offers infrastructure security for the air gap

A new, tablet-sized media scanner boasts a wide range of capabilities for critical infrastructure defense.

API security alert / software development / application flow chart diagram

Microsoft attributes Charlie Hebdo attacks to Iranian nation-state threat group

NEPTUNIUM group claims access to the personal information of more than 200,000 Charlie Hebdo customers and uses sockpuppet accounts to taunt France’s cybersecurity sector.

shutterstock 1808484295 board meeting security

Critical vulnerability patched in Jira Service Management Server and Data Center

Atlassian has issued fixed versions of the software and described a workaround to the flaw that could make access tokens available to attackers.

Conceptual image of a network of executives / silhouettes of executives in motion.

New US CISO appointments, January 2023

Keep up with news of CSO, CISO, and other senior security executive appointments.

A magnifying lens exposes an exploit amid binary code.

Remote code execution exploit chain available for VMware vRealize Log Insight

Researchers found four vulnerabilities in vRealize Log Insight that were relatively non-threatening on their own but lead to significant compromise when used together.

network security lock padlock breach

NTT, Palo Alto partner for managed SASE with AIOps

Using a managed services provider to deliver SASE can streamline deployment and free up enterprise resources.

Wired brain illustration - next step to artificial intelligence

Foreign states already using ChatGPT maliciously, UK IT leaders believe

Most UK IT leaders are concerned about malicious use of ChatGPT as research shows how its capabilities can significantly enhance phishing and BEC scams.

cyber attack alarm alert

APT groups use ransomware TTPs as cover for intelligence gathering and sabotage

Changing tactics by North Korean, Russian, and Chinese APT groups suggest that Western companies are at greater risk.

Profile photo of a developer / programmer reviewing code on monitors in his workspace.

New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

The OSC&R Framework aims to help security professionals better understand and measure software supply chain risk.

Cloud security threats  >  theft / breach / fraud / phishing

Misconfiguration and vulnerabilities biggest risks in cloud security: Report

About 87% of container images include a high or critical vulnerability, while 90% of granted permissions are not used, according to cybersecurity firm Sysdig.

A multitude of arrows pierce a target. [numerous attacks / quantity / severity]

IoT, connected devices biggest contributors to expanding application attack surface

New report shines light on application security challenges impacting global businesses.

Two developers collaborate on a project as they review code on a display in their workspace.

Guardz debuts with cybersecurity-as-a-service for small businesses

An easy-to-use cybersecurity toolkit from Tel Aviv-based startup Guardz targets small and medium-size businesses (SMBs).

database woman in tablet mobile

Privacera connects to Dremio’s data lakehouse to aid data governance

The integration of open-source based Privacera into Dremio’s data lakehouse is designed to allow joint customer enterprises to manage and organize secure data access.

Multifactor authentication  >  Mobile phone verification of a permission request for laptop login.

Trulioo launches end-to-end identity platform

The new Trulioo platform will combine all existing Trulioo products into a single platform, allowing the ID verification firm to target global enterprise customers.

social engineering fraud impersonation neon face with hoodie by photo by sebastiaan stam on unsplash

Threat actors abuse Microsoft’s “verified publisher” status to exploit OAuth privileges

Proofpoint discovers threat actors targeting verified status in the Microsoft environment to abuse OAuth privileges and lure users into authorizing malicious apps.

international flags / global business discussion

New UN cybercrime convention has a long way to go in a tight timeframe

Nations around the world are hammering out a new cybercrime convention, but some UN members seek to criminalize activities that are not bona fide crimes.

vulnerable breach cyberattack hacker

Hackers abuse legitimate remote monitoring and management tools in attacks

Researchers and government agencies warn that threat actors are increasing their use of commercial RMM tools to enable financial scams.

Ransomware  >  A masked criminal ransoms data for payment.

FBI takes down Hive ransomware group in an undercover operation

FBI covertly infiltrated the Hive network—which has targeted more than 1,500 victims in over 80 countries around the world—and thwarted over $130 million in ransom demands.

Load More