Whitelisting explained: How it works and where it fits in a security program
What is whitelisting? Whitelisting is a cybersecurity strategy under which only pre-approved or trusted users, entities, or actions are allowed to operate on a system or network. Instead of trying to...
New RansomHub ransomware gang has ties to older Knight group
One of the most active ransomware groups this year, which operates under the name RansomHub, may have its origins in an older and now defunct ransomware group called Knight, which was itself a rebrand...
Spam blocklist SORBS shuts down after over two decades
SORBS, a list of email servers known to distribute spam, has been shut down by its current owner, Proofpoint. Industry observers said that SORBS was no longer profitable and that enterprises had long...
AI system poisoning is a growing threat — is your security regime ready?
Consulting firm Protiviti recently worked with a client company experiencing an unusual attack: a hacker trying to manipulate the data being fed into one of the company’s AI systems. Company leaders...
Sleuthcon: Cybercrime emerges in Morocco and law enforcement gets creative
At this year’s Sleuthcon, cybersecurity professionals and law enforcement officials provided insights into various malicious actors driving the ongoing surge in cybercrime and offered glimpses into...
New York Times plays down impact of source code leak
Internal source code from The New York Times (NYT) has been leaked online following a breach on the newspaper’s GitHub repository. Links to a torrent purportedly carrying a 273GB archive of source...
Snowflake: No breach, just compromised credentials, say researchers
Most Snowflake customers can heave a sigh of relief: The cloud data platform’s systems do not appear to have been compromised, cybersecurity researchers at Mandiant reported Monday. But they may have...
Critical PyTorch flaw puts sensitive AI data at risk
Popular machine learning framework PyTorch fixed a critical vulnerability that could allow attackers to execute arbitrary commands on master nodes, potentially leading to theft of sensitive AI-related...
Certified Ethical Hacker (CEH): Certification cost, training, and value
Certified Ethical Hacker (CEH) certification Certified Ethical Hacker (CEH) is an early-career certification for security pros interested in assessing target systems using techniques often associated...
The risks in mergers and acquisitions CISOs need to know
When a large company announces the acquisition of another organization, it’s often perceived as just being a financial transaction. However, the merger and acquisition (M&A) process is far more...
Netskope secures SaaS apps with genAI
Netskope recently introduced generative AI and software-as-a-service security enhancements in its Netskope One secure access security edge (SASE) platform, which industry watchers say will help...
Fortinet grabs cloud security player Lacework
Fortinet has reached an agreement to buy cloud security company Lacework for an undisclosed amount. Founded in 2015, Lacework is known for its cloud-based machine learning, AI and automation...
MFA soon compulsory for AWS users, passwordless authentication an option
AWS has added support for FIDO2 passkeys, a passwordless authentication method under the Fast Identity Online (FIDO) framework, for multifactor authentication — and will soon make MFA mandatory for...
CISOs may be too reliant on EDR/XDR defenses
Attackers are easily sidestepping endpoint detection and response (EDR) and extended detection and response (XDR) defenses, often catching enterprises unaware, according to a new study of...
IT downtime cuts enterprise profit by 9%, says study
Downtime cost large enterprises an average of $200 million annually, cutting 9% from yearly profits, according to a study commissioned by Splunk. And while ransomware accounts for a relatively small...
The pressure on CISOs is real: fixing the hiring process would help
CISOs are under tremendous pressure and according to multiple surveys many are looking for a graceful exit to provide self-relief. A recent report from Proofpoint noted that “66% of global CISOs are...
8 critical lessons from the Change Healthcare ransomware catastrophe
Lessons are beginning to cohere from Change Healthcare’s disastrous ransomware attack that starkly illustrated the fragility of the healthcare sector, prompting calls for regulatory action. The...
Criminals, too, see productivity gains from AI
Cyber criminals are beginning to use artificial intelligence to make their operations more effective — and their use goes way beyond creating better bait for phishing. Just as in legitimate business,...
Microsoft fixes dangerous zero-click Outlook remote code execution exploit
As part of its Patch Tuesday cycle, Microsoft has fixed a high-risk vulnerability in its Outlook desktop client that could be exploited by attackers to execute malicious code when opening a specially...
Pure Storage says it was breached as Snowflake victim count continues to grow
Storage vendor Pure Storage has named itself the latest company affected by the extraordinary series of cyberattacks affecting customers of data warehousing company Snowflake. The Snowflake attacks...