Aflac’s shift to passkeys brings big business benefits
At supplemental insurance provider Aflac, safeguarding information collected on behalf of employees and the customers and businesses they serve is a key tenet of the company’s culture, says Tim...
Understanding and Mitigating the Risks of Email Forwarding
Email forwarding, while a seemingly harmless and convenient feature, can pose significant risks to data security and compliance. When misused or left unchecked, email forwarding can lead to...
Fortinet confirms breach that likely leaked 440GB of customer data
Fortinet has confirmed a data breach that has allegedly compromised 440GB of Azure SharePoint files containing Fortinet customer data. The company, in a Thursday blog, said it suffered a security...
New cryptomining campaign infects WebLogic servers with Hadooken malware
A new attack campaign compromises misconfigured Oracle WebLogic servers and deploys a backdoor program called Hadooken along with a cryptocurrency mining program, apparently to take advantage of weak...
Newly patched Ivanti CSA flaw under active exploitation
IT management solutions provider Ivanti confirmed that a high-severity flaw patched this week in an older version of its Cloud Service Appliance (CSA) has been exploited in attacks. The vulnerability...
Top 10 ransomware groups to watch
The ransomware landscape has seen a lot of fragmentation over the past couple of years with major groups shutting down after they became the target of law enforcement actions or after they attracted...
Patch management: A dull IT pain that won’t go away
Enterprise security patching remains a challenge despite improvements in both vulnerability assessment and update technology. Competing priorities, organizational challenges, and technical debt...
Port of Seattle says August cyberattack was Rhysida ransomware
The Port of Seattle has confirmed that Rhysida ransomware was used in a cyberattack that took down key computer systems on August 24. The US government agency that manages the Seattle-Tacoma...
Microsoft summit plots end of kernel access for EDR security clients
Microsoft has dropped heavy hints that change is coming to the way security products interact with the critical core of the Windows platform, its software kernel, spurred to action by the IT outage...
Preparing for the next big cyber threat
In an increasingly uncertain world, with internal risks and external social, economic and geopolitical threats to organizational development and automation looming overhead, CSOs have been adopting...
Entro Security Labs Releases Non-Human Identities Research Security Advisory
Analysis of millions of real-world NHI secrets by Entro Security Labs reveals widespread, significant risks, emphasizes need for improved Secrets Management security practices Entro Security,...
AI-SPM buyer’s guide: 9 security posture management tools to protect your AI...
Widespread adoption of generative AI across businesses has increased the need for contingencies, including AI security software. It is a tall order because AI’s reach into an organization’s...
Will potential security gaps derail Microsoft’s Copilot?
Microsoft has bet big on Copilot, the generative AI (genAI) assistant it’s integrating into nearly its entire product line, notably Microsoft 365. The company believes businesses of all sizes will buy...
Ransomware whistleblower: Columbus could have avoided its mistakes
A ransomware attack on Columbus, Ohio, has drawn international attention and condemnation for how city leaders mismanaged their response to the incident. First, the mayor’s office erroneously...
European digital identity: this is how the EU’s big bet is evolving
Imagine you’ve just arrived at your vacation destination. You have to pick up the rental car at the office and from there head to the hotel to check in. Maybe you go to the pharmacy first, because you...
Microsoft re-categorizes fixed Trident bug as zero day
A recently patched Windows MSHTML (Trident) Platform Spoofing Vulnerability had zero day exploitations since before July 2024, in conjunction with another MSHTML spoofing bug, according to Microsoft....
Navigating the future of OT security
Operational technology (OT) infrastructure is facing an unprecedented wave of cyberattacks, with a reported 73% surge in incidents, according to the Fortinet 2024 State of Operational Technology and...
Warning to ServiceNow admins: Block publicly available KB articles
Many organizations using ServiceNow are inadvertently exposing sensitive personal and corporate data through misconfigured Knowledge Base (KB) articles created by employees, says a security provider....
Microsoft fixes Authenticator design flaw after eight years overwriting accounts
Having ignored user complaints about a security design flaw within Microsoft Authenticator for eight years, Microsoft confirmed in an email to CSO on Tuesday that it has finally corrected the issue....
Cybersecurity vet Madison Horn makes her bid for US Congress
It’s safe to say that Madison Horn is the only candidate for US Congress in history who has ever injected Taylor Swift lyrics into a teleprompter during a pen test. A few years ago, while working in...