Building a Culture of Email Security Awareness
Human error remains a significant risk for organizations when it comes to cyber threats. In fact, according to Proofpoint’s 2024 Voice of the CISO report, 74% of CISOs view human error as their...
View ArticleThousands of abandoned PyPI projects could be hijacked: Report
A vulnerability in abandoned Python open source repository projects could allow over 20,000 packages of code to be hijacked to spread malware in supply chain attacks. The warning for developers to be...
View ArticleAttackers are exploiting vulnerabilities at a record pace—here’s what to do...
“Another day, another vulnerability” is a familiar refrain among security teams worldwide. One of the most intriguing findings from our latest Fortinet Global Threat Landscape Report is that attackers...
View ArticleDutch regulator fines Clearview €30 million… or more
The Dutch Data Protection Authority, Autoriteit Persoonsgegevens, is the latest European regulator to crack down on American face-recognition firm Clearview AI, levying a €30.5 million (US$33.8...
View Article‘Unusual’ Voldemort cyberespionage attack impersonates tax authorities
Researchers have identified an attack that impersonates tax authorities from several countries to compromise organizations and deploy a custom backdoor program dubbed Voldemort. While the campaign...
View ArticleNew ALPHV-like ransomware targets VMware ESXi servers
Researchers at Trusec recently discovered a new ransomware-as-a-service group called Cicada3301. The gang provides its affiliates with a dual extortion platform that includes both a ransomware and a...
View ArticleHackers are cloning YubiKeys via new side-channel exploit
Many enterprises rely on the YubiKey as a major part of their identity authentication strategy. It is one of the most popular and best-rated FIDO (fast identity online) hardware tokens for...
View ArticleNo evidence that TP-Link routers are a Chinese security threat
A US House committee on China’s request for a probe into an alleged security threat posed by routers made by Chinese Wi-Fi giant TP-Link Technologies is based on scant evidence and misleadingly...
View ArticlePalo Alto closes IBM QRadar SaaS buy, extends security partnership
Palo Alto Networks has closed the deal to acquire IBM’s QRadar software-as-a-service security intelligence platform. Now that the deal is complete, existing QRadar customers will be moved, for no...
View ArticleWhite House brands BGP routing a ‘national security concern’ as it unveils...
The White House Office of the National Cyber Director (ONCD) has published its roadmap for fixing increasingly troublesome security weaknesses in the Internet’s core routing protocol, Border Gateway...
View ArticleCISO budget survey: Modest increases in 2024
Security budgets are either flat or increasing modestly compared to 2023, due to global economic and geopolitical uncertainty, according to a new survey of CISOs. One result is slower staff hiring....
View ArticleGitHub Actions typosquatting: A high-impact supply chain attack-in-waiting
Attackers have long tried to capitalize on typos by registering names in various systems — DNS, package repositories — close to those of popular resources. This technique, known as typosquatting, also...
View ArticleBoost security and control at every stage of the cloud application lifecycle
It’s no secret that cloud security is a complex undertaking. Today’s threat actors have grown increasingly adept at launching sophisticated attacks at scale, increasing the pressure on security teams...
View ArticleUS charges 5 Russian spies for Ukraine, NATO cyberattacks
Five officers of the Russian military intelligence service, the GRU, and an alleged civilian collaborator were charged Thursday in the US for destructive cyberattacks against Ukrainian computer...
View ArticleAdobe evolves its risk management strategy with homegrown framework
Digital business has transformed virtually everything for enterprises — and it has brought with it cybersecurity challenges perhaps unimaginable just a few years ago. “The Internet has become a much...
View ArticleNew malicious MS Office macro clusters discovered
CISOs with IT environments running older versions of Microsoft Office must upgrade immediately or risk the suite being used to spread malware using an old trick. This warning comes from Cisco Systems’...
View ArticleTwo weeks on from Pavel Durov’s arrest, Telegram ramps up moderation of...
Less than two weeks after Telegram founder and CEO Pavel Durov’s high-profile arrest by French police, the company has announced that it will start moderating “illegal content” in the platform’s...
View ArticleApache OFBiz patches new critical remote code execution flaw
Developers of Apache OFBiz, an open-source enterprise resource planning (ERP) framework, have released a patch for a new critical flaw that can allow unauthenticated attackers to execute arbitrary...
View ArticleClik here to view.
Updating secure boot is crucial to keeping systems secure and working properly
New security features are great, but it’s inevitable that bad actors will eventually find ways around even the most novel of protections. Keeping up with attackers may mean adjusting, changing,...
View ArticleClik here to view.
What’s next after the CISO role?
Few roles have changed as much as the chief information security officer in the nearly 30 years since Steve Katz first held the title at Citicorp in the mid-1990s. As the role has evolved from...
View Article