Google abandons plans to drop third-party cookies in Chrome
As a major update to Chrome’s new cross-site tracking protection policy, Google announced that it is no longer considering dropping support for third-party cookies. Third-party cookies, which refer to...
View ArticleCrowdStrike failure: What you need to know
Cybersecurity vendor CrowdStrike initiated a series of computer system outages across the world on Friday, July 19, disrupting nearly every industry and sowing chaos at airports, financial...
View ArticleICS malware FrostyGoop disrupted heating in Ukraine, remains threat to OT...
Security researchers warn about a new malware threat designed to interact with industrial control systems (ICS) over the Modbus protocol. The malicious program was used in January in a cyberattack...
View ArticlePort shadow: Yet another VPN weakness ripe for exploit
A new flaw in virtual private networks (VPNs) was reported last week at a security conference. The flaw, discovered by a collection of academic and industry researchers, has to do with a vulnerability...
View ArticleCountdown to DORA: How CISOs can prepare for EU’s Digital Operational...
The finance sector has been among cybercriminals’ favourite targets. Nearly one-fifth of all recent cyberattacks were aimed at financial firms, with banks being the most vulnerable of all, according...
View ArticleCrowdStrike meltdown highlights IT’s weakest link: Too much administration
The most unsafe part of our technology ecosystem isn’t the number of unpatched systems we have. Nor is it shadow IT, whether it’s homegrown software or the burgeoning bring-your-own-SaaS ecosystem....
View ArticleHackers leak documents stolen from Pentagon contractor Leidos
Hackers have breached the systems of Leidos Holdings, a major contractor for the US government, and leaked stolen internal documents online, Bloomberg News reported. The leak is believed to be tied to...
View ArticleCrowdStrike blames testing shortcomings for Windows meltdown
CrowdStrike has blamed a hole in its testing software for the release of a defective content update that hobbled millions of Windows computers worldwide on Friday, July 19. The hole caused...
View ArticleMicrosoft Defender SmartScreen bug actively used in stealer campaign
An actively exploited security bypass vulnerability in Microsoft Defender SmartScreen is being exploited in a new stealer campaign to download malicious executables on the victim’s system. Tracked as...
View ArticleHow attackers evade your EDR/XDR system — and what you can do about it
A recent global survey noted that CISOs and their organizations may be too reliant on endpoint detection and response (EDR) and extended detection and response (XDR) systems, as attackers are...
View ArticleProject 2025 could escalate US cybersecurity risks, endanger more Americans
The Heritage Foundation’s nearly 1,000-page Project 2025 report is what the conservative DC-based think tank hails as a game plan for Donald Trump to follow in running the US government if he wins in...
View ArticleDocker re-fixes a critical authorization bypass vulnerability
Open source containerization platform Docker has urged users to patch a critical vulnerability affecting certain versions of the Docker Engine that allows privilege escalation using specially crafted...
View ArticleDNSSEC explained: Why you might want to implement it on your domain
What is DNSSEC? The Domain Name System Security Extensions (DNSSEC) is a set of specifications that extend the Domain Name System (DNS) protocol by adding cryptographic authentication for responses...
View ArticleWhat CISOs can do to bridge their cyber talent gap
Empirical evidence shows that global cyber threats have increased twofold in the past few years. The IMF study, “Rising Cyber Threats Pose Serious Concerns for Financial Stability” (the title itself...
View ArticleDownload the unified endpoint management (UEM) platform enterprise buyer’s guide
From the editors of our sister publication Computerworld, this enterprise buyer’s guide helps IT staff understand what the various unified endpoint management (UEM) platforms can do for their...
View ArticleCounting the cost of CrowdStrike: the bug that bit billions
As eye-popping estimates emerge for the cost to enterprises of dealing with aftermath of last week’s CrowdStrike-induced outages, it’s crucial to break down the sources of these expenses and...
View ArticleSecure Boot no more? Leaked key, faulty practices put 900 PC/server models in...
Security researchers warn that some PC and server manufacturers are using insecure cryptographic keys as the root of trust for Secure Boot, an important security feature in modern computers that...
View ArticlePM names new cybersecurity minister
Australia’s Prime Minister Anthony Albanese has named a new minister for home affairs and for cybersecurity. Tony Burke will take on the responsibility along with immigration and multicultural...
View ArticleCrowdStrike debacle underscores importance of having a plan
The dust is largely settled from the global blue-screen-of-death (BSD) CrowdStrike inflicted on over 8.5 million Windows devices by its flawed delivery of a channel file in its Falcon Sensor update,...
View Article2024 Olympics put cybersecurity teams on high alert
As athletes from around the world vie for gold at the 2024 Olympics and Paralympics in Paris, cybercriminals are fine-tuning their own game plans to hack, attack, and exploit the largest event on the...
View Article