China’s APT40 group can exploit vulnerabilities within hours of public release
Multiple international cybersecurity agencies, including the US CISA and the UK NCSC, have issued a joint advisory warning about a Chinese state-sponsored hacker group — APT40 — actively targeting...
View ArticleCisco adds heft to cybersecurity push with acquisitions, new talent
With new leadership, key acquisitions, and a platform-based vision, Cisco is betting big on security. Cisco’s dominance in networking and telecommunications products and services is well established,...
View ArticleMicrosoft mandates Chinese staff to use iPhones, not Android
Microsoft has ordered its staff in China to use iPhones for their work starting in September. The decision effectively bars the use of Android smartphones by the tech giant’s Chinese staffers,...
View ArticleIdentity security: The keystone of trust
A few weeks ago, my wife asked me why stopping threat actors from impacting our lives is so difficult. In this digital age, the necessity to connect online brings inherent exposure to vulnerabilities....
View ArticleMD5 attack puts RADIUS networks everywhere at risk
The “secure enough” RADIUS/UDP authentication protocol may have finally met its match, and organizations that have continued to rely on RADIUS to authenticate networked devices over UDP and TCP...
View ArticleSoftware supply chain still dangerous despite a slew of efforts
In late March, Microsoft developer and engineer Andres Freund discovered that someone had placed a backdoor in the open-source data compression tool XZ Utils, a ubiquitous feature across Linux...
View ArticleMore than a CISO: the rise of the dual-titled IT leader
The role of the CISO is expanding and these C-level leaders have been acquiring responsibilities and adding roles beyond their principal function. Dual-title roles such as CISO plus CIO, CTO, VP of...
View ArticleFBI disrupts 1,000 Russian bots spreading disinformation on X
A covert Russian government-operated social media bot farm that used generative AI to spread disinformation to global users has been disrupted by a joint FBI-international cybersecurity forces...
View ArticleEvolve data breach impacted upward of 7.64 million consumers
The number of persons affected by a recent data breach at Evolve Bank & Trust exceeds 7.64 million, a document submitted to the Office of the Maine Attorney General this week by the law firm...
View ArticlePython GitHub token leak shows binary files can burn developers too
A personal GitHub access token with administrative privileges to the official repositories for the Python programming language and the Python Package Index (PyPI) was exposed for over a year. The...
View Article6 tips for consolidating your IT security tool set
Organizations have been on a spending spree when it comes to cybersecurity tools and services, as they look for ways to defend themselves against an ever-growing array of threats. This means many...
View ArticleHackers steal data of 200k Lulu customers in an alleged breach
Lulu Hypermarket, a prominent retail chain headquartered in Abu Dhabi, UAE, has allegedly experienced a significant data breach involving the personal details of at least 196,000 customers. The...
View ArticleJapan aerospace agency provides details of October data breach
The Japan Aerospace Exploration Agency (JAXA) has updated details about its October 2023 data breach and has confirmed that those attacking JAXA leveraged VPN and Microsoft 365 security holes. But the...
View ArticleRansomware attackers exploit year-old backup vulnerability
Security intelligence firm Group-IB reports that attackers from a recently created ransomware group – EstateRansomware – exploited a year old vulnerability (CVE-2023-27532) in backup software from...
View ArticleCisco Talos analyzes attack chains, network ransomware tactics
As ransomware continues to be the scourge of enterprise security teams, Cisco’s Talos security intelligence group recently analyzed ransomware groups to identify common techniques and offer...
View ArticleWhat is the CIA triad? A principled framework for defining infosec policies
What is the CIA triad? The CIA triad components, defined The CIA triad, which stands for confidentiality, integrity, and availability,is a widely used information security model for guiding an...
View ArticleTop 10 open source software security risks — and how to mitigate them
Calls for a critical look at how open-source software (OSS) is secured and used have been increasing after a number of recent scares exposed vulnerabilities and risks, in particular the XZ Utils...
View ArticleKnown SSH-Snake bites more victims with multiple OSS exploitation
CRYSTALRAY, a threat actor known to have used Secure Shell (SSH) based malware to gain access into victim systems in the past, has scaled operations to over 1,500 victims using multiple open source...
View ArticleMobile surveillance software firm mSpy suffers data breach
Mobile surveillance software firm mSpy has suffered a breach that exposed sensitive information from millions of users. Customer support tickets dating back around 10 years were hacked and leaked by...
View ArticleAT&T confirms arrest in data breach of more than 110 million customers
When confirming details of a massive data breach of about 110 million customers, AT&T on Friday also revealed that it became apparently the first enterprise to be given permission to initially...
View Article