News
NIST names new post-quantum cryptography standards
One public-key encryption and three digital signature algorithms determined to provide the best defense against quantum attacks.
APT campaign targeting SOHO routers highlights risks to remote workers
The ZuoRAT remote access Trojan malware can compromise multiple router brands and likely has been active for years.
SQL injection, XSS vulnerabilities continue to plague organizations
Errors that allow SQL injection and cross-site scripting attacks are still the top vulnerabilities that pen-testers find, especially at smaller companies.
Asia could be placing all the wrong cybersecurity bets
Only 12% of companies in Asia quantify their financial exposure to cyber threats, less than half the global average of 26% according to a recent study by Microsoft and Marsh.
Zero-day flaw in Atlassian Confluence exploited in the wild since May
Atlassian has issued emergency patches for the vulnerability, which could allow attackers to perform remote code execution.
Google Cloud previews advanced new API security features
Google’s latest security update for Google Cloud is aimed at curbing API-based attacks.
SolarWinds creates new software build system in wake of Sunburst attack
Lessons learned from software supply chain breach lead to innovative and secure development scheme.
Google Cloud gets new built-in security features
MITRE ATT&CK integration and baked-in DDoS prevention are now available in Google Cloud.
Sysdig Secure update adds ability to stop container attacks at runtime
Sysdig's Drift Control detects and stops attempts to run packages or binary files that were added or modified at runtime.
Russian DDoS attack on Lithuania was planned on Telegram, Flashpoint says
Russian cybercollective Killnet dropped evidence of possible collaboration with ransomware gang Conti in its hacking campaign against Lithuania on a Telegram channel, security company Flashpoint reports.
Microsoft's Defending Ukraine report offers fresh details on digital conflict and disinformation
Russia will use what it learned from its destructive cyber actions in Ukraine for other operations. "There is no going back to normal."
Security startup Cerby debuts with platform to manage shadow IT
The Cerby system automates and streamlines the detection and protection of "unmanageable" applications, providing a platform that centralizes application enrollment, access and monitoring.
5 years after NotPetya: Lessons learned
NotPetya vastly broadened the scope of damage that malware attacks could do and forced CISOs and security researchers to rethink their approach.
Mitek launches MiVIP platform to fight identity theft
The Mitek Verified Identity Platform can leverage multiple authentication technologies to provide security across the transaction lifecycle.
Italian spyware firm is hacking into iOS and Android devices, Google says
RCS Lab spyware uses known exploits to install harmful payloads and steal private user data, according to a Google report.
![A hand controls a small marionette. [control / manipulation / social engineering]](https://images.idgesg.net/images/article/2020/09/hand_controls_small_marionette_puppet_control_manipulation_social_engineering_by_spiffyj_gettyimages-1182246224_2400x1600-100858607-small.3x2.jpg?auto=webp&quality=85,70)
5 social engineering assumptions that are wrong
Cybercriminals continue to launch creative social engineering attacks to trick users. Meanwhile, social engineering misconceptions are exacerbating the risks of falling victim.
Open-source software risks persist, according to new reports
Companies are still struggling to gain confidence in the security of their open-source projects, but shifting security earlier in the development process shows promise.
Kaseya closes $6.2 billion Datto deal, vows to cut prices
The IT services software provider promises lower costs for consumers, tight integration between the two companies’ products.
Most Popular
BrandPosts
Learn more-
Sponsored by Microsoft Security
-
Sponsored by Fortinet
-
Sponsored by CrowdStrike