Early Discovery of Pipedream Malware a Success Story for Industrial Security

Cybersecurity professionals discovered, analyzed, and created defenses against the ICS malware framework before it was deployed, but expect the stakes to keep rising.

Bitdefender Enhances Premium VPN Service With New Privacy Protection Technologies

New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private Web browsing.

Contrast Security Introduces Cloud-Native Automation

New integrations enable Contrast capabilities to be delivered to Red Hat OpenShift users.

Forescout Enhances Continuum Platform With New OT Capabilities

New capabilities enable improved OT and IoT asset visibility along with data-powered threat detection and cost-effective deployments at scale.

PerimeterX Code Defender Extends Capability To Stop Supply Chain Attacks

Client-side web app security solution introduces features that give real-time visibility and control of the website attack surface, enabling businesses to stop PII theft and comply with data privacy regulations.

CyberUSA, and Superus Careers Launch Cyber Career Exchange Platform

Collaboration aimed at connecting talent and employers.

Fortress Information Security Receives $125M Strategic Investment from Goldman Sachs Asset Management

.

Comcast Business 2021 DDoS Threat Report: DDoS Becomes a Bigger Priority as Multivector Attacks are on the Rise

Comcast Business mitigated 24,845 multi-vector DDoS attacks in 2021, a 47 percent increase over 2020.

Creating Cyberattack Resilience in Modern Education Environments

From increasing cybersecurity awareness in staff, students, and parents to practicing good security hygiene for devices, using endpoint protection, and inspecting network traffic, schools can boost cybersecurity to keep students safe.

Zero-Day Exploit Use Exploded in 2021

Ransomware and other financially motivated threat actors joined nation-state-backed groups in leveraging unpatched flaws in attack campaigns, new data shows.

What Steps Do I Take to Shift Left in Security?

Security has benefited from shifting many late-cycle disciplines left or earlier in the cycle.

Devo Acquires Threat Hunting Company Kognos

Acquisition will blend autonomous threat hunting with cloud-native security analytics for automating security tasks.

Exploring Biometrics and Trust at the Corporate Level

Biometric measurements should be part of any multifactor authentication (MFA) strategy, but choose your methods carefully: Some only establish trust at the device level.

New Zscaler Research Shows Over 400% Increase in Phishing Attacks With Retail and Wholesale Industries at Greatest Risk

Annual ThreatLabz Report reveals phishing-as-a-service as the key source of attacks across critical industries and consumers globally; underscores urgency to adopt a zero-trust security model.

Cybereason Launches Digital Forensics Incident Response

Cybereason MalOp Detection Engine augmented with Nuanced DFIR Intelligence reduces the mean-time-to-detect and remediate incidents.

Alert Logic Releases MDR Incident Response Capability for Addressing a Breach

Seedrs Ltd. deployed and configured Alert Logic Intelligent Response in minutes, and immediately began blocking critical threats.

3 Ways We Can Improve Cybersecurity

To better manage risks, companies can concentrate on resilience, sharing information to protect from cyber threats, and making the cybersecurity tent bigger by looking at workers with nontraditional skill sets.

Adversaries Look for 'Attackability' When Selecting Targets

A large number of enterprise applications are affected by the vulnerability in Log4j, but adversaries aren't just looking for the most common applications. They are looking for targets that are easier to exploit and/or have the biggest payoff.

Anti-Fraud Partnership Brings Confidential Computing to Financial Services

Intel, FiVerity, and Fortanix team up to launch an AI-driven fraud detection platform into a confidential computing environment.

LinkedIn Brand Now the Most Abused in Phishing Attempts

New research shows threat actors increasingly leveraging social networks for attacks, with LinkedIn being used in 52% of global phishing attacks.

Okta Wraps Up Lapsus$ Investigation, Pledges More Third-Party Controls

Companies must enforce more security on their own third-party providers and retain the ability to conduct independent investigations, experts say.

Denonia Malware Shows Evolving Cloud Threats

Cloud security is constantly evolving and consistently different than defending on-premises assets. Denonia, a recently discovered serverless cryptominer drives home the point.

CISA, Australia, Canada, New Zealand, & UK Issue Joint Advisory on Russian Cyber Threats

The Russian government is ratcheting up malicious cyberattacks against critical infrastructure in countries supporting Ukraine.

6 Malware Tools Designed to Disrupt Industrial Control Systems (ICS)

Stuxnet was the first known malware built to attack operational technology environment. Since then, there have been several others.

The Modern Software Supply Chain: How It's Evolved and What to Prepare For

Supply chain security attacks have been becoming increasingly common and more sophisticated. Find out how to remain secure throughout the software supply chain.

Incognia Introduces New Location-Based Device Authorization Solution

Module enables apps to establish trust in new devices without adding user friction.

Lightspin Secures Infrastructure as Code Files with New GitHub Integration

Users can scan GitHub repositories and detect misconfigurations, exposed secrets and other security issues.

How Russia Is Isolating Its Own Cybercriminals

Sanctions imposed by the Biden administration, coupled with Russia's proposed initiative to cut itself off from the global Internet, is causing cybercriminals to ponder their future.

Backward-Compatible Post-Quantum Communications Is a Matter of National Security

When a quantum computer can decipher the asymmetric encryption protecting our vital systems, Q-Day will arrive.

From Passive Recovery to Active Readiness

This is the shift that companies need to make after a cyberattack.

Fortress Tackles Supply Chain Security, One Asset at a Time

Fortress Information Security will expand its Asset to Vendor Library to include hardware bill of materials and software bill of materials information.

Microsoft Launches Purview Platform to Govern, Protect, and Manage Sensitive Data

The rebranded Microsoft Purview platform integrates Microsoft 365 Compliance and Azure Purview, and adds new capabilities and products to help manage data no matter where it resides.

Millions of Lenovo Laptops Contain Firmware-Level Vulnerabilities

Three flaws present in consumer laptops can give attackers a way to drop highly persistent malware capable of evading methods to remove it, security vendor says.

More Than Half of Initial Infections in Cyberattacks Come Via Exploits, Supply Chain Compromises

Mandiant data also shows a dramatic drop in attacker dwell time on victim networks in the Asia-Pacific region — to 21 days in 2021 from 76 days in 2020.

RF Code Announces Sentry, a New Edge Solution for Remote Locations

Provides autonomous and uninterrupted monitoring of unmanned IT locations at scale.

New Kiteworks Report Reveals Significant Risk Maturity Gap

Over half of organizations admit their security and compliance controls for managing sensitive content communications—both internally and externally—are inadequate.

How to Interpret the EU's Guidance on DNS Abuse Worldwide

From higher standards in top-level domains to increased adoption of security controls, stepped-up measures can help fight DNS abuse and protect Web domains.

Verica Launches Prowler Pro to Make AWS Security Simpler for Customers

The enterprise grade solution will provide enhanced cloud security and provide new open-source tools.

76% of Organizations Worldwide Expect to Suffer a Cyberattack This Year

Study shows that more than 35% have suffered seven or more successful attacks.

Swimlane Extends Cloud-Based Security Automation into APJ Amid Momentous Growth in Region

Swimlane’s Asia-Pacific presence grows 173%, highlighting rising demand for low-code security automation.

Absolute Software Introduces Ransomware Response Offering

.

Security-as-Code Gains More Support, but Still Nascent

Google and other firms are adding security configuration to software so cloud applications and services have well-defined security settings — a key component of DevSecOps.

Security Lessons From a Payment Fraud Attack

Companies need to detect and counteract brute-force and enumeration attacks before fraudsters run away with their customers' funds.

Why So Many Security Experts Are Concerned About Low-Code/No-Code Apps

IT departments must account for the business impact and security risks such applications introduce.

Name That Toon: Helping Hands

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Strength in Unity: Why It's Especially Important to Strengthen Your Supply Chain Now

The ongoing war in Ukraine means that defenses are only as good and as strong as those with whom we partner.

Upgrades for Spring Framework Have Stalled

Upgrading and fixing the vulnerability in the Spring Framework doesn't seem to have the same level of urgency or energy as patching the Log4j library did back in December.

Google Emergency Update Fixes Chrome Zero-Day

Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four.

Cloud Cost, Reliability Raise IT Concerns

IT professionals worry most about cloud security, but other questions arise about training, functionality, and performance.

Lazarus Targets Chemical Sector With 'Dream Jobs,' Then Trojans

Chemical companies are the latest to be targeted by the well-known North Korean group, which has targeted financial firms, security researchers, and technology companies in the past.

CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks

Omdia Senior Analyst Hollie Hennessy says the new threat to multiple ICS and SCADA devices underscores the importance of a rapid response to IoT and OT security risks.

Cybersecurity Act of 2022: A Step in the Right Direction With a Significant Loophole

The act contains a loophole added late in the process that will impede progress toward the goal of increasing US cybersecurity: a complete carve-out of DNS from the reporting requirements and other obligations outlined in the bill.

greymatter.io Closes $7.1 Million Series A to Meet Rising Need for Its Enterprise Microservices Platform

Elsewhere Partners invests in proven service mesh and API management innovator as it grows team and breaks into new markets.

Kaspersky Relocates Cyberthreat-Related Data Processing for Users in Latin America and Middle East to Switzerland

Also, it re-certifies its data services by TÜV AUSTRIA.

New Malware Tools Pose 'Clear and Present Threat' to ICS Environments

The recent discovery of highly customized malware targeting programmable logic controllers has renewed concerns about the vulnerability of critical infrastructure.

Data Scientists, Watch Out: Attackers Have Your Number

Researchers should take extra care in deploying data-science applications to the cloud, as cybercriminals are already targeting popular data-science tools such as Jupyter Notebook.

Inside a Data Center Outage: Lessons About Resilience

A power failure at a major London data center shows that a truly resilient network is flexible, not just redundant.

The Misconceptions of 2021's Black Swan Cyber Events

Organizations can defend themselves from future unknows attacks by implementing targeted security hardening measures, turning on built-in security protections, and leveraging existing technology stack to achieve microsegmentation and credential hygiene.

Secure Systems Need Hardware-Enhanced Tools, Intel Says

A new Intel study finds that while adoption of hardware-assisted security is still low, there is a lot of interest in how it can secure system layers such as the operating system and hypervisor.

Microsoft Leads Operation to Disrupt Zloader Botnet

The banking Trojan-turned-ransomware-distribution tool has been a potent threat since late 2019.