News

DDOS attack

Google Cloud blocks largest HTTPS DDoS attack ever

two tiny figures study dashed lines with arrows indicating different directions or paths

NIST CSF 2.0 Workshop emphasizes global appeal, metrics and assessment

Tech Spotlight > The Future of Work [CSO] > Laptop user with virtual security overlay.

New Deep Instinct partner program targets MSSPs fighting ransomware

Deep Instinct's Stratosphere program is indirectly aimed at small and medium-size businesses, which are increasingly turning toward MSSPs (managed security service providers).

CSO > IoT / Internet of Things, unencrypted/unsecured/vulnerable

Universal database of device vulnerability information launched

DeviceTotal's new repository includes security data for all devices on the market with the aim to better mitigate vulnerabilities.

p1200740

Google updates Chronicle with enhanced threat detection

Google Cloud’s Chronicle will now offer curated threat detection as part of its analytics initiative in the Chronicle SecOps suite.

Industry 4.0 / Industrial IoT / Smart Factory / robotics / automation

"Evil PLC Attack" weaponizes PLCs to infect engineering workstations

Researchers demonstrate a proof of concept where hijacked programmable logic controllers can compromise engineering workstations to allow lateral movement.

cso security hacker breach privacy ransomware malware attack gettyimages 1216075693 by towfiqu aham

Safe Security debuts two free risk assessment tools for businesses

Organizations can gauge their cybersecurity risk factors by using Safe Security’s new online calculators.

water infrastructure / wastewater treatment facility / sewage treatment plant

Exposed VNC instances threatens critical infrastructure as attacks spike

Threats surrounding Virtual Network Computing laid bare as attacks targeting critical infrastructure increase.

adding processor to circuit board computer hardware

New exploits can bypass Secure Boot and modern UEFI security protections

Two research groups demonstrate PC firmware vulnerabilities that are difficult to mitigate and likely to be exploited in the wild.

Conceptual image of a network of executives / silhouettes of executives in motion.

New US CISO appointments, August 2022

Keep up with news of CSO, CISO, and other senior security executive appointments.

Top cybersecurity products unveiled at Black Hat 2022

Here are some of the most interesting new products launched at Black Hat USA 2022, including zero trust, extended detection and response (XDR), and a host of other threat and vulnerability management offerings.

Close-up shot of an eye and eyewear with binary streams in the foreground.

FTC begins sweeping commercial surveillance and lax data security rulemaking process

While some praise the FTC's efforts, some in Congress worry that it overlaps with and possibly jeopardizes the passing of the American Data Privacy and Protection Act.

secure system / network security policy management

Network mistakes, misconfigurations cost companies millions

Titania research pegs losses from misconfigurations at average of 9% of annual revenue.

An anonymous hooded figure consisting of binary code stands in a virtual corridor of circuits.

What happened to the Lapsus$ hackers?

Despite using methods that are "bold, illogical, and poorly thought out, Lapsus$ has successfully breached companies like Microsoft, Vodafone and Nvidia.

cso security hack breach identity infiltrate gettyimages 653137674 by solarseven 2400x1600px

Cisco admits hack on IT network, links attacker to LAPSUS$ threat group

Cisco says an employee’s credentials were compromised after an attacker gained control of a personal Google account.

lies that people tell themselves pinocchio liar lying by malerapaso getty

How a Venezuelan disinformation campaign swayed voters in Colombia

A Black Hat presentation explains how Russia-aligned Venezuela influenced the presidential election in Colombia to its political benefit.

cloud security

Sensitive data in the cloud gets new automated remediation tool from BigID

An automated watchdog designed to keep private files in cloud storage secure is now available for Google Drive users, from data intelligence and management company BigID.

p1200405

Microsoft urges Windows users to run patch for DogWalk zero-day exploit

Despite previously claiming the DogWalk vulnerability did not constitute a security issue, Microsoft has now released a patch to stop attackers from actively exploiting the vulnerability.

Security system alert, warning of a cyberattack.

CrowdStrike adds AI-powered indicators of attack to Falcon platform

The new feature leverages millions of examples of malicious activity to more accurately identify signs of an attack.

A laptop displays binary code and the flag of China.

Chinese APT group uses multiple backdoors in attacks on military and research organizations

The TA428 group has been successful by targeting known vulnerabilities and using known detection evasion techniques.

Load More