Auth0 Credential Guard Detects Breached Passwords to Prevent Account Takeover

New feature adds a dedicated security team and support for multiple languages to prevent fraudulent access with stolen credentials.

Log4j and the Role of SBOMs in Reducing Software Security Risk

Enterprises are spending a pittance on securing their software supply chain, which makes COTS software dangerous — vulnerabilities can be "hidden" in open source components.

Mitigate Ransomware Risks With Modern Log Management

Enterprises using a modern log management platform have key tools in place to detect and mitigate some of the risks from a ransomware attack.

Microsoft Issues 51 CVEs for Patch Tuesday, None 'Critical'

One publicly known flaw — an elevation-of-privilege bug in Windows Kernel — was included in the patches.

Google Cuts User Account Compromises in Half With Simple Change

The online tech giant auto-enabled two-step verification for more than 150 million users, throwing up steep hurdles against scammers and attackers.

Get Started on Continuous Compliance Ahead of PCI DSS v4.0

Here's what retailers and anyone collecting payments can do to prepare in the time remaining before the final release of PCI DSS 4.0 this quarter.

Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks

Recent attacks involving so-called "right-to-left override" spoofing aimed at Microsoft 365 users show how attackers sometimes modify and improve old methods to try and stay one step ahead of defenders.

Prioritizing the Right Vulnerabilities to Reduce Risk

Prioritization needs to be part of vulnerability management if security teams are to keep up and mitigate issues in a timely manner.

Vulnerability Scanning Triples, Leading to Two-Thirds Fewer Flaws

Companies are scanning more applications for vulnerabilities — and more often.

Cyber Terrorism Is a Growing Threat & Governments Must Take Action

With its benefits of deniability, relatively low costs, and the ability to attack from anywhere, cyber terrorism will increasingly threaten civilians everywhere.

Qualys Launches Context XDR

Qualys Context XDR provides the security context that operations teams need to eliminate false positives and noise by triangulating risk posture, asset criticality, and threat intelligence.

InterVision Unveils Ransomware Protection as a Service

InterVision RPaaS solution provides protection, response, and recovery in one managed service.

DeepSurface Security Secures $4.5M for Business Expansion

Funding round was led by Differential Ventures, an artificial intelligence and cybersecurity seed venture fund.

Salesforce DevOps Needs Guardrails

Some companies go too fast when it comes to SaaS, DevOps, and security, but smart developers and implementers will respect some basic guidelines to keep their product safe.

Russian APT Steps Up Malicious Cyber Activity in Ukraine

Actinium/Gameredon's attacks are another reminder of why organizations need to pay additional scrutiny to systems in the region.

FBI Publishes Indicators of Compromise for LockBit 2.0 Ransomware

Flash bulletin alert includes mitigation strategies for defending against the ransomware.

A Prophylactic Approach for Today's Vulnerable Websites and Web Apps

Take a proactive approach to client-side security: Why monitoring your JavaScript programming language is so important to your overall security posture.

SecurityScorecard Acquires LIFARS

SecurityScorecard adds digital forensics and incident response to strengthen its products.

When Multifactor Authentication Is Compromised: Fighting Back With AI

Now that attackers can bypass preventative controls, we need to find and stop the attackers when they're already inside.

Log4j: Getting From Stopgap Remedies to Long-Term Solutions

This pervasive vulnerability will require continued care and attention to fully remediate and detect permutations. Here are some ways to get started.

Name That Edge Toon: Head of the Table

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

The 3 Most Common Causes of Data Breaches in 2021

Phishing, smishing, and business email compromise continue to do their dirty work.

Expert Insights: Training the Data Elephant in the AI Room

Be aware of the risk of inadvertent data exposure in machine learning systems.

China-Linked Group Attacked Taiwanese Financial Firms for 18 Months

The Antlion group, also known as Pirate Panda and Tropic Trooper, has shifted to targeting mainly Taiwan, using custom backdoors against financial organizations.

Want to Be an Ethical Hacker? Here's Where to Begin

By utilizing these resources, beginner hackers can find their specific passions within the cybersecurity space and eventually make their own mark in the ethical hacking profession.

Mac Malware-Dropping Adware Gets More Dangerous

The authors of UpdateAgent have tweaked it yet again — for the fifth time in less than 18 months.

Mandiant Bolsters SaaS Platform With Integration of New Attack Surface Management Module

New automated offering helps organizations gain comprehensive visibility across IT environments, continuously monitor for vulnerabilities, operationalize threat intelligence and manage risk.

Several India-Based Call Centers Indicted by US DoJ

"Scam robocall" operators face charges for defrauding US citizens.

The Future of Cybersecurity: Our Predictions for 2022

New technologies and workplace trends are fueling a global explosion in cybercrime. Discover the threats to watch out for in 2022.

Tenable Launches Suite of New Features to Cloud-Native Application Security Platform

Tenable.cs enhancements secure cloud resources, container images, and cloud assets

Research From Quantum and ESG Reveals Top Challenges in Data Management

Unstructured data management, storage complexity and cost remain barriers to adoption, resulting in valuable data being discarded or mismanaged.

Menlo Security Finds Cloud Migration and Remote Work Gives Rise to New Era of Malware, Highly Evasive Adaptive Threats (HEAT)

Menlo identified 224% increase in HEAT attacks in the last six months fueling ransomware surge.

DHS Launches Cyber Safety Review Board to Analyze Major Vulnerability Events

The US Department of Homeland Security has named a 15-member review board to assess significant cybersecurity events and recommend improvements - starting with the Log4J vulnerability.

Microsoft: Multifactor Adoption Remains Low

New data shows a slow roll to strong authentication for most enterprise Windows systems.

BIO-key to Expand Customer Reach and Talent in EMEA Region

Expansion comes via definitive agreement to acquire authentication solutions provider Swivel Secure Europe.

Keeper Security Acquires Glyptodon

The acquisition enables distributed teams to connect to remote or cloud infrastructure in a hyper-secure, agentless and passwordless way without a VPN.

BreachQuest Welcomes Sandy Dunn as Chief Information Security Officer

Industry cybersecurity veteran joins executive team of leading cyber experts with key experience In healthcare market.

HackNotice Releases Combined Security and Threat Awareness Service for Free

HackNotice users can now deepen their security awareness with a self-paced training course to prevent themselves from being targets of cyberattacks.

Simplifying Zero Trust Security in Healthcare Organizations

Healthcare organizations are increasingly looking at zero trust to help deter ransomware attacks, safeguard PHI, and prevent downtime.

Big Pharma Finds Patch Management a Bitter Pill

One-quarter of pharmaceutical manufacturers received a failing grade on patch management, which is a vital step in heading off ransomware attacks.

Hackers Went Wild in 2021 — Every Company Should Do These 5 Things in 2022

Practical steps companies can take to defend their critical infrastructure and avoid the financial and reputational damage that could result from a breach.

If My Organization Is Mostly in the Cloud, Do I Need a Firewall?

A firewall is still a valuable part of the IT security stack, but businesses need to consider all of their attack surfaces.

Cato Networks Delivers Instant Visibility and Control of Cloud Application Data Risk

CASB Cato converges a full CASB into its global SASE platform to defend enterprises against data breach and cloud-delivered threats.

INKY Completes Email Security Offering With Launch of Outbound Mail Protection

INKY Outbound Mail Protection manages a multistep approval workflow providing enforcement within the email system itself.

WhiteSource Threat Report Reveals Massive Uptick In Cyberattacks Related To JavaScript npm

More than 1,300 malicious npm packages have been discovered for use in supply chain attacks, cryptojacking, data stealing, and more.

Why Security Pros Are Frustrated With Cloud Security

As companies shift more operations to the cloud, a shortfall in security talent and too much security data wastes more than half of the time spent on security issues, a survey finds.

Foresite Cybersecurity Acquires Cyber Lantern

Support for more than 160 important compliance standards have been integrated into SaaS solution for small and midsize enterprises.

Managing Detections Is Not the Same as Stopping Breaches

Enterprises interested in managed detection and response (MDR) services to monitor endpoints and workloads should make sure the providers have rock-solid expertise in detecting and responding to threats.

The Real-World Impact of the Global Cybersecurity Workforce Gap on Cyber Defenders

The effect is nuanced — and fundamental to cyber defense for organizations and nations.

Olympic Athletes Advised by FBI to Bring 'Burner' Phones to Beijing

No specific threats against the Olympics, according to the FBI, but instead it's about vigilance against potential ones.

8 Security Dinosaurs and What Filled Their Footprints

Security technology has to evolve as new threats emerge and defenses improve. Here is a look back at the old breeds that are dying out.

TikTok's Roland Cloutier: How CISOs Can Foster a Culture of Security & Transparency

The social media platform's global security chief boils it down to being consistent, keeping it fun, and demonstrating the impact of choices.

Tens of Thousands of Websites Vulnerable to RCE Flaw in WordPress Plug-in

Now-patched issue in Essential Addons for Elementor gives attackers a way to carry out local file inclusion attacks, researchers say.

Secure Web Browsers Tackle Ransomware, Insider Threat in Enterprises

Enterprise security teams can use secure Web browsers to apply controls and governance to cloud applications and customer data.

ThycoticCentrify Renamed Delinea

Privileged access management vendor rebrands.

Nucleus Security Forms Strategic Partnership with Mandiant

Intent is to enhance vulnerability management programs with operationalized threat intelligence.

Vectra Acquires Siriux Security Technologies to Extend Leadership in Identity and SaaS Threat Management

The acquisition positions Vectra to help customers securely configure and detect active threats in cloud identity and SaaS applications, including Microsoft Azure AD and Microsoft 365.

Forescout Acquires CyberMDX to Expand Healthcare Cybersecurity Focus

Acquisition adds Internet of Medical Things (IoMT) expertise to Forescout’s IT, IoT, and OT coverage.

Ping Identity Launches PingOne DaVinci

No-code identity orchestration service enables organizations to design better user experiences with drag-and-drop simplicity.

Digital Shadows Launches New Vulnerability Intelligence Module

New capability simplifies challenge of prioritizing CVEs for faster triage and remediation.