News

USA / United States of America stars + stripes and binary code superimposed over The White House

Biden memo aims to bolster cybersecurity in national security systems

Cybersecurity > Email security threats, such as phishing

INTERPOL and Nigerian Police bust business email compromise ring, arrest 11

Eyeglasses rest on a binary field / code review / threat assessment / check vulnerabilities

Supply chain vulnerability allows attackers to manipulate SAP transport system

The vulnerability permits malicious interference in the SAP change management and software deployment processes. SAP issues patch to protect file system from exploitation.

Hands are stacked together in unity and trust. [colleagues / teamwork / collaboration]

Tech sector embraces public-private collaboration on open-source software security

Participants in a White House meeting on securing open-source software expressed optimism for working effectively with government to help prevent Log4j-like events.

A conceptual security grid of locks overlays a network / datacenter / server room.

Thousands of enterprise servers are running vulnerable BMCs, researchers find

According to analysis by firmware security firm Eclypsium, 7,799 HPE iLO (HPE's Integrated Lights-Out) server baseboard management controllers (BMCs) are exposed to the internet and most do not appear to be running the latest version...

Conceptual image of a network of executives / silhouettes of executives in motion.

New US CISO appointments, January 2022

Keep up with news of CSO, CISO, and other senior security executive appointments.

thinkstockphotos 499123970 laptop security

Microsoft touts first PCs to ship natively with secure Pluton chip

Along with thwarting malware, the Pluton chip handles BitLocker, Windows Hello, and System Guard and might help prevent physical insider attacks. The technology is also being used in Azure Sphere in the cloud.

An anonymous hooded figure is surrounded by an abstract network of avatars.

Cybercrime group Elephant Beetle lurks inside networks for months

Elephant Beetle specializes in stealing money from financial and commerce firms over an extended period of time while remaining undetected.

Cybersecurity > abstract network of circuits data and lock

CISA sees no significant harm from Log4j flaws but worries about future attacks

The U.S. cybersecurity agency can't rule out that adversaries are using Log4j to gain persistent access to launch attacks later.

a hooded figure targets a coding vulnerability

New Log4Shell-like vulnerability impacts H2 Java SQL database

Researchers warn of critical Java flaw impacting the console of the H2 Java SQL database. Users are advised to update their H2 database to mitigate remote code execution risk.

cloud security / data protection / encryption / security transition

MITRE: To test and gain confidence in MSSPs, use ATT&CK framework

Companies have greater confidence in their own security teams than in MSSPs, according to a new survey. To better evaluate service provider capabilities, companies can apply techniques used by the ATT&CK (adversarial tactics,...

rules rulebook law compliance regulation by baloon111 getty

FTC, SEC raise legal risks surrounding the log4j flaw

The U.S. Federal Trade Commission also threatened possible legal action for companies that don't address the risk from the Log4j vulnerabilities.

Gears in the form of a cloud in a binary field > Cloud controls

UK NCSC updates Cyber Essentials technical controls requirements and pricing structure

Technical controls update includes revisions surrounding the use of cloud services, multi-factor authentication, and password management. New pricing structure better reflects organisational size and complexity.

human weak link cybersecurity primary

Supply chain attacks show why you should be wary of third-party providers

The weak link in your enterprise security might lie with partners and suppliers. Here’s how to understand and mitigate that risk.

A stressed businessman with head in hand sits at a desk and computer in an office workspace.

Security leaders on how to cope with stress of Log4j

The Log4j vulnerability puts great pressure on security teams already stretched thin dealing with ransomware and other attacks. This advice will help them cope.

Skull-and-crossbones, code and the 'stop' gesture: hand held forward, palm out, fingers pointing up

Second Log4j vulnerability carries denial-of-service threat, new patch available

The fallout from the Apache Log4j vulnerability continues as researchers discover a second exploit that could lead to denial-of-service attacks. A patch is available to fix the issue.

cso security hacker breach privacy ransomware malware attack gettyimages 1216075693 by towfiqu aham

Survey: Hackers approach staff to assist in ransomware attacks

Cyberattackers have approached employees in 48% of organizations in North America to assist in ransomware attacks, according to a report by Pulse and Hitachi ID.

Security system alert, warning of a cyberattack.

Cybereason, Google Cloud launch XDR solution to streamline threat detection and response

New joint solution enhances ability to predict, detect, and respond to cyberattacks at scale across endpoints, networks, identities, cloud, and workspaces.

USA / United States of America stars + stripes and binary code superimposed over The White House

NIST gears up for software security and IoT labeling pilot programs

Intended to help consumer make more secure software and IoT device purchases, the labeling guidelines are voluntary and self-policing at this time.

Abstract Java code

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it.

Load More