Most attacks affecting SMBs target five older vulnerabilities
Attackers continue to aggressively target small and mid-size businesses using high-profile vulnerabilities dating back a decade or more, network telemetry shows. Between January and March this year,...
View ArticleCyber breach misinformation creates a haze of uncertainty
As the landscape of cybercrime evolves, the challenge of navigating the fog of uncertainty is intensifying. The increasing frequency of false or misleading reports is creating a web of misinformation...
View ArticleClose the barn door now! Avoid the risk of not monitoring retained access...
Companies spend thousands of dollars (sometimes hundreds of thousands) to recruit the right person, put them through the interview cycle, then onboard them. Once an employee is within the corporate...
View ArticleUnitedHealth hackers exploited Citrix vulnerabilities, CEO to testify
Amid strong calls for enhanced cybersecurity measures in healthcare, UnitedHealth is set to testify this week that, on February 12, hackers exploited compromised credentials to gain remote access to a...
View ArticleSecuriti adds distributed LLM firewalls to secure genAI applications
To address the emerging threats around generative artificial intelligence (gen AI) systems and applications, cybersecurity provider Securiti has launched a firewall offering for large language models...
View ArticleChinese threat actor engaged in multi-year DNS resolver probing effort
For the past five years, a threat actor that’s likely connected to the Chinese government has been sending out unusual DNS queries to IP addresses over the internet to map open DNS resolvers inside...
View Article3 Windows vulnerabilities that may not be worth patching
It’s getting ever harder to keep a network safe and secure from attacks, whether cloud-based, hybrid, or on-premises. Bad actors are employing a dizzying variety of methods, from social engineering to...
View ArticleThe CSO guide to top security conferences
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have...
View Article5 key takeways from Verizon’s 2024 Data Breach Investigations Report
Cyber criminals are deploying new and innovative lines of attacks along with variations on tried-and-true methods that remain successful, Verizon’s 2024 Data Breach Investigations Report has found....
View ArticleNIST publishes new guides on AI risk for developers and CISOs
The US National Institute of Standards and Technology (NIST) this week published four guides designed to give AI developers and cybersecurity professionals a deeper dive on the risks addressed by the...
View ArticleBiden delivers updated take on security for critical infrastructure
Amid serious cyberattacks by Russian and Chinese threat actors, the Biden administration issued a new National Security Memorandum (NSM-22) to update Presidential Policy Director 21 (PPD-21) from the...
View ArticleMost interesting products to see at RSAC 2024
Themed the Art of Possible, the 2024 RSA Conference takes place between 6 and 9 of May and will offer insights into the latest trends, how to master new skills, and more. More than 640 vendors will...
View ArticleUnitedHealth hack may impact a third of US citizens: CEO testimony
UnitedHealth CEO Andrew Witty testified before the House Energy and Commerce Committee that the personal data of potentially a third of US citizens may have been exposed on the dark web following the...
View ArticleDropbox Sign hack exposed user data, raises security concerns for e-sign...
In a major blow to user trust, Dropbox revealed a security breach in its e-signature platform, Dropbox Sign, formerly known as HelloSign. Unauthorized and unknown entities accessed Dropbox Sign’s...
View ArticleIranian hackers harvest credentials through advanced social engineering...
An Iranian state-sponsored actor known for cyber espionage activities has been using enhanced social engineering tactics, such as posing as journalists and event organizers, to gain access into victim...
View ArticleLayerX Security Raises $26M for its Browser Security Platform, Enabling...
LayerX, pioneer of the LayerX Browser Security platform, today announced $26 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell...
View ArticleClik here to view.
Malware explained: How to prevent, detect and recover from it
What is malware? Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs hackers use to wreak destruction and gain access to sensitive...
View ArticleMicrosoft continues to add, shuffle security execs in the wake of security...
Microsoft has added new chief information security officers (CISOs) to product teams and appointed a new deputy CISO to liaise with customers. The moves are part of an ongoing attempt to revamp the...
View ArticleCISA, FBI urge developers to patch path traversal bugs before shipping
US Cybersecurity Infrastructure and Security Agency (CISA) and the FBI have issued a joint advisory to developers, urging them to check for path traversal vulnerabilities before shipping a software....
View ArticleAI governance and cybersecurity certifications: Are they worth it?
The International Association of Privacy Professionals (IAPP), SANS Institute, and other organizations are releasing new AI certifications in the areas of governance and cybersecurity or adding new AI...
View Article