News

Industry 4.0 / Industrial IoT / Smart Factory
data pipeline primary

Encryption  >  A conceptual technological lock and encrypted code.

NIST names new post-quantum cryptography standards

One public-key encryption and three digital signature algorithms determined to provide the best defense against quantum attacks.

trojan horse malware virus binary by v graphix getty

APT campaign targeting SOHO routers highlights risks to remote workers

The ZuoRAT remote access Trojan malware can compromise multiple router brands and likely has been active for years.

A broken link in a digital chaing / weakness / vulnerability

SQL injection, XSS vulnerabilities continue to plague organizations

Errors that allow SQL injection and cross-site scripting attacks are still the top vulnerabilities that pen-testers find, especially at smaller companies.

CSO  >  danger / security threat / malware / frustrated businessman overwhelmed by infected files

Asia could be placing all the wrong cybersecurity bets

Only 12% of companies in Asia quantify their financial exposure to cyber threats, less than half the global average of 26% according to a recent study by Microsoft and Marsh.

zeroday software bug skull and crossbones security flaw exploited danger vulnerabilities by gwengoa

Zero-day flaw in Atlassian Confluence exploited in the wild since May

Atlassian has issued emergency patches for the vulnerability, which could allow attackers to perform remote code execution.

abstract internet network cyber security concept picture id1072278762

Google Cloud previews advanced new API security features

Google’s latest security update for Google Cloud is aimed at curbing API-based attacks.

programmer certification skills code devops glasses student by kevin unsplash

SolarWinds creates new software build system in wake of Sunburst attack

Lessons learned from software supply chain breach lead to innovative and secure development scheme.

Google Cloud

Google Cloud gets new built-in security features

MITRE ATT&CK integration and baked-in DDoS prevention are now available in Google Cloud.

security monitoring

Sysdig Secure update adds ability to stop container attacks at runtime

Sysdig's Drift Control detects and stops attempts to run packages or binary files that were added or modified at runtime.

DDOS attack

Russian DDoS attack on Lithuania was planned on Telegram, Flashpoint says

Russian cybercollective Killnet dropped evidence of possible collaboration with ransomware gang Conti in its hacking campaign against Lithuania on a Telegram channel, security company Flashpoint reports.

Cyber warfare  >  Russian missile launcher / Russian flag / binary code

Microsoft's Defending Ukraine report offers fresh details on digital conflict and disinformation

Russia will use what it learned from its destructive cyber actions in Ukraine for other operations. "There is no going back to normal."

security monitoring

Security startup Cerby debuts with platform to manage shadow IT

The Cerby system automates and streamlines the detection and protection of "unmanageable" applications, providing a platform that centralizes application enrollment, access and monitoring.

ransomware breach hackers dark web

5 years after NotPetya: Lessons learned

NotPetya vastly broadened the scope of damage that malware attacks could do and forced CISOs and security researchers to rethink their approach.

Impersonation / disguise / fraud / false identity / identity theft

Mitek launches MiVIP platform to fight identity theft

The Mitek Verified Identity Platform can leverage multiple authentication technologies to provide security across the transaction lifecycle.

spyware alert notification

Italian spyware firm is hacking into iOS and Android devices, Google says

RCS Lab spyware uses known exploits to install harmful payloads and steal private user data, according to a Google report.

A hand controls a small marionette. [control / manipulation / social engineering]

5 social engineering assumptions that are wrong

Cybercriminals continue to launch creative social engineering attacks to trick users. Meanwhile, social engineering misconceptions are exacerbating the risks of falling victim.

noops code developer devops html web developer by mazimusnd getty

Open-source software risks persist, according to new reports

Companies are still struggling to gain confidence in the security of their open-source projects, but shifting security earlier in the development process shows promise.

handshake

Kaseya closes $6.2 billion Datto deal, vows to cut prices

The IT services software provider promises lower costs for consumers, tight integration between the two companies’ products.

Load More