AWS environments compromised through exposed .env files
A data extortion campaign that compromises AWS resources through credentials collected from environment (.env) files stored insecurely on web servers has been uncovered by Unit 42 researchers. The...
Who writes the code in your security software? You need to know
The recent ban on Kaspersky security software is a reminder that we all need to review the source and coding processes of all software used in our organizations, and not just those with a government...
CrowdStrike questions could give CISOs pause — with options available
As enterprise CISOs and other executives are still calculating the impact of CrowdStrike’s disastrous July update glitch, some feel the need to assess alternatives. The big issue is transparency or,...
How CISOs can tackle the pernicious problem of poisoned packages
Since the early 2000s, open-source software, accessible to all without licensing agreements, has captured an ever-growing slice of the world’s software supply. Estimates vary, but according to...
CISOs urged to prepare now for post-quantum cryptography
After eight years of review and development, the US National Institute of Standards and Technology (NIST) has chosen three encryption algorithms as the basis for its post-quantum cryptography (PQC)....
Tech giants warn proposed Hong Kong cyber rules could undermine digital economy
Hong Kong’s proposed cybersecurity regulations have sparked controversy, with US tech giants and business groups warning the legislation could grant the government unprecedented access to computer...
Attackers increasingly using legitimate remote management tools to hack...
Attackers are increasingly abusing legitimate network management tools to camouflage their attacks on corporate networks, according to a report by security vendor CrowdStrike. The report found a 70%...
Custodians looking to beat offenders in the GenAI cybersecurity battle
Generative AI (GenAI) enabled threats, such as highly convincing phishing emails and morphed digital identities, which accurately mimic human communication, are evolving in real time, surpassing...
8 cloud security gotchas most CISOs miss
As enterprise CISOs try and maintain security across their entire global threat landscape, they are finding themselves in a love/hate relationship with their various cloud environments. For many,...
Microchip suffers cyberattack, impacting manufacturing operations
US semiconductor manufacturer Microchip Technology has disclosed that an “unauthorized party” disrupted its server operations, affecting some aspects of its business. The breach was detected on August...
CrowdStrike-Action1 deal collapses over user concerns
Cloud-based patch management and vulnerability remediation provider, Action1, has confirmed the company’s plans to stay founder-led days after the company received an acquisition offer from...
Australian data regulator backs off Clearview AI
The Office of the Australian Information Commissioner (OAIC) on Wednesday abandoned its multi-year effort against Clearview AI, which it had ordered to stop collecting images of people in Australia...
Iranian cyberespionage group deploys new BlackSmith malware in sophisticated...
A known Iranian APT group has revamped its malware arsenal in a campaign against a prominent Jewish religious figure, security researchers have found. The new toolset, dubbed BlackSmith, bundles most...
Why Your Business Needs Email Encryption Now
Protecting emails that contain sensitive data is crucial. The loss of confidential information or customer details can lead to hefty fines, negative publicity, and a significant erosion of customer...
The Hidden Dangers of Email Attachments
Email attachments remain one of the most common vectors for delivering malware and other cyber threats. Despite advancements in email security, businesses continue to fall victim to sophisticated...
CrowdStrike denies merger talks with Action1
A CrowdStrike executive has taken to LinkedIn to dismiss reports that the security software vendor was in talks to acquire patch management tool maker Action1. In early August, reports by publications...
3 key strategies for mitigating non-human identity risks
The exponential growth of non-human identities (NHI) — service accounts, system accounts, IAM roles, API keys, tokens, secrets, and other forms of credentials not associated with human users — has...
How MFA gets hacked — and strategies to prevent it
The security benefits of multifactor authentication (MFA) are well-known, yet MFA continues to be poorly, sporadically, and inconsistently implemented, vexing business security managers and their...
Equiniti settles SEC charges stemming from a pair of cyber intrusions
The US Securities and Exchange Commission (SEC) announced on Tuesday that it has settled charges against New York-based registered transfer agent Equiniti Trust Company for “failing to assure that...
Main Line Health deploys chaos engineering to bolster healthcare resilience
Main Line Health (MLH), a not-for-profit health system serving portions of Philadelphia and its western suburbs, faces the cybersecurity threats common to others in the healthcare sector: threat...