The No Good, Very Bad Week for Iran’s Nation-State Hacking Ops
A look at the state of Iran's cyber operations as the US puts the squeeze on it with a pile of indictments and sanctions.
GitHub Tool Spots Security Vulnerabilities in Code
Scanner, which just became generally available, lets developers spot problems before code gets into production.
Cloud Misconfiguration Mishaps Businesses Must Watch
Cloud security experts explain which misconfigurations are most common and highlight other areas of the cloud likely to threaten businesses.
What Legal Language Should I Look Out for When Selecting Cyber Insurance?
At times, vague coverage can actually work for you.
A Guide to the NIST Cybersecurity Framework
With cybersecurity threats growing exponentially, it has never been more important to put together an efficient cyber-risk management policy, and NIST's framework can help.
COVID-19 Creates Opening for OT Security Reform
Operations technology was once considered low risk, at least until the virus came along and re-arranged the threat landscape.
Phishing Attack Targets Microsoft 365 Users With Netflix & Amazon Lures
Cyberattacker TA2552 primarily targets Spanish speakers with messages that leverage a narrow range of themes and popular brands.
Attacker Dwell Time: Ransomware’s Most Important Metric
How to bolster security defenses by zeroing in on the length of time an interloper remains undetected inside your network
Microsoft: Ransomware & Nation-State Attacks Rise, Get More Sophisticated
Malware-based attacks are out, phishing is in, along with credential stuffing and business email compromise. Microsoft recommends defensive tactics in its new report on rising threats.
DDoS Attacks Soar in First Half of 2020
Shorter, faster, multivector attacks had a greater impact on victims.
New Campaign by China-Linked Group Targets US Orgs for First Time
In a least one instance, the Palmerworm APT group was able to remain undetected on a compromised system for nearly six months, according to Symantec.
Securing Slack: 5 Tips for Safer Messaging, Collaboration
Remote workers and scattered teams are relying on Slack more and more for messaging and collaboration. Here are a few extra tips for keeping data and systems more secure when using Slack.
Vulnerability in Wireless Router Chipsets Prompts Advisory
Synopsys issues an advisory for vulnerabilities affecting the chipsets of wireless routers from Qualcomm, Mediatek, and Realtek.
Shifting Left of Left: Why Secure Code Isn’t Always Quality Code
Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.
State-Sponsored Hacking Groups Increasingly Use Cloud & Open Source Infrastructure
Microsoft shuts down Azure Active Directory instances used by attackers to evade detection and warns that the use of open source tools by espionage groups is growing.
The Shared Irresponsibility Model in the Cloud Is Putting You at Risk
Step up, put the architecture and organization in place, and take responsibility. If you don't, who will?
test chunk server
Until all domain controllers are updated, the entire infrastructure remains vulnerable, the DHS' CISA warns.
Ivanti Acquires Two Security Companies
Purchase of MobilIron and Pulse Secure announced simultaneously.
9 Tips to Prepare for the Future of Cloud & Network Security
Cloud and network security analysts outline trends and priorities businesses should keep top of mind as they grow more reliant on cloud.
Russian Gets 7 Years in Prison for Linkedin, Dropbox & Formspring Hacks
A Russian man received a seven-year prison sentence for having hacked into computers belonging to LinkedIn, Dropbox and Formspring. On September 30, Honorable William H. Alsup, U.S. District Judge for the Northern District of California, sentenced Yevgeniy Alexandrovich Nikulin,...
Detecting Deep Fakes with a Heartbeat
Researchers can detect deep fakes because they don’t convincingly mimic human blood circulation in the face:
In particular, video of a person’s face contains subtle shifts in color that result from pulses in blood circulation. You might imagine that these...
Anthem to Pay Nearly $40M Settlement Over 2015 Cyberattack
Health insurer Anthem has agreed to another multimillion-dollar settlement over a cyberattack on its technology that exposed the personal information of nearly 79 million people.
read more
#BeCyberSmart – why friends don’t let friends get scammed
Friends don't let friends get scammed. Because cybercrime hurts us all.
Why a Security Maturity Model Can Transform How You Use Analytics
With cyberattacks and breaches on the rise, security should be a major concern for all companies. In particular, enabling the development of an analytics maturity model is a useful addition to your traditional security information and event management (SIEM)-based...
