Unpatched DNS-Poisoning Bug Affects Millions of Devices, Stumps Researchers

The security vulnerability puts wide swaths of industrial networks and IoT devices at risk of compromise, researchers warn.

REvil Revival: Are Ransomware Gangs Ever Really Gone?

The infamous ransomware group appears to be back from the dead — maybe — and using the old brand, but experts question whether a reconstituted gang will have much success.

Syxsense Launches Unified Endpoint Security and Management Platform

Syxsense Enterprise delivers real-time vulnerability monitoring and remediation for all endpoints across an organization’s entire network.

Third-Party App Access Is the New Executable File

By providing these apps and other add-ons for SaaS platforms and associated permissions, businesses present bad actors with more opportunities to gain access to company data.

How to Create a Cybersecurity Mentorship Program

As the talent shortage rages on, companies have found mentorship programs to be one of the best ways to obtain the security skills they need to develop their existing teams.

Radware Launches SkyHawk Security, a Spinoff of Its Cloud Native Protector Business

Tiger Global Management invests $35 million in SkyHawk Security to accelerate growth.

Teleport Raises $110 Million Series C at $1.1 Billion Valuation Led by Bessemer Venture Partners

Funding follows dramatic revenue growth as identity-based access requirements skyrocket.

OccamSec Unveils New Cybersecurity Platform

Providing continuous penetration testing with context, and a host of other features, the Incenter platform is built to give organizations what they need to effectively secure their environment.

Developing Software? Get Accountability Right First

Software accountability offers a fresh perspective for creating and managing digital products, mainly by making processes more reliable and transparent for every stakeholder.

TLS Flaws Leave Avaya, Aruba Switches Open to Complete Takeover

In the latest incarnation of the TLStorm vulnerability, switches from Avaya and Aruba — and perhaps others — are susceptible to compromise from an internal attacker.

DoD Scammed Out of $23M in Phishing Attack on Jet-Fuel Vendors

A California man faces prison time and steep fines stemming from cybertheft of US military funds intended to pay jet-fuel suppliers.

Google Offers $1.5M Bug Bounty for Android 13 Beta

The security vulnerability payout set bug hunters rejoicing, but claiming the reward is much, much easier said than done.

New Regulations in India Require Orgs to Report Cyber Incidents Within 6 Hours

CERT-In updates cybersecurity rules to include mandatory reporting, record-keeping, and more.

6 Best Practices to Ensure Kubernetes Security Meets Compliance Regulations

Security must be precise enough to meet compliance requirements without impeding DevOps and developer productivity. Here's how to strike that balance.

Name That Edge Toon: Flower Power

Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Security Stuff Happens: What Do You Do When It Hits the Fan?

Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.)

2022 Security Priorities: Staffing and Remote Work

A comprehensive security strategy balances technology, processes, and people — and hiring and retaining security personnel and securing the remote workforce are firmly people priorities.

Good News! IAM Is Near-Universal With SaaS

The less-good news: IAM only works for applications your IT department knows about, so watch for "shadow IT" programs installed or written by users that leave a security gap.

Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack

QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.

Cloudflare Flags Largest HTTPS DDoS Attack It's Ever Recorded

This scale of this month's encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say.

Take a Diversified Approach to Encryption

Encryption will break, so it's important to mix and layer different encryption methods.

Ambient.ai Expands Computer Vision Capabilities for Better Building Security

The AI startup releases new threat signatures to expand the computer vision platform’s ability to identify potential physical security incidents from camera feeds.

Microsoft Patches Pair of Dangerous Vulnerabilities in Azure PostgreSQL

Flaws gave attackers a way to access other cloud accounts and databases, security vendor says.

IT Teams Worry Staff Lack Cloud-Specific Skills

Security, cost, and reliability top the list of concerns IT teams have about their cloud operations, according to a recent report.

The Ransomware Crisis Deepens, While Data Recovery Stalls

Higher probabilities of attack, soaring ransoms, and less chance of getting data back — the ransomware plague gets worse, and cyber insurance fails to be a panacea.

Capital One Ventures, Snowflake Ventures, Verizon Ventures, and Wipro Ventures Join Securonix $1B+ Growth Investment as Strategic Investors

Blue-chip companies deepen commitment based on success of long-standing customer and partner relationships and conviction of Securonix’s vision and hypergrowth potential.

Bumblebee Malware Buzzes Into Cyberattack Fray

The sophisticated Bumblebee downloader is being used in ongoing email-borne attacks that could lead to ransomware infections.

Microsoft: Russia Using Cyberattacks in Coordination With Military Invasion of Ukraine

Six Russian state-backed threat actors have lunched 237 cyberattacks on Ukraine's infrastructure, new research from MIcrosoft shows.

Explainable AI for Fraud Prevention

As the use of AI- and ML-driven decision-making draws transparency concerns, the need increases for explainability, especially when machine learning models appear in high-risk environments.

A Peek into Visa's AI Tools Against Fraud

Visa has invested heavily in data analytics and artificial intelligence over the past five years to secure the movement of money and keep fraud rates low.

Doppler Takes on Secrets Management

The startup is the latest company to try to solve the problem of organizing and sharing secrets.

Chinese APT Bronze President Mounts Spy Campaign on Russian Military

The war in Ukraine appears to have triggered a change in mission for the APT known as Bronze President (aka Mustang Panda).

Synopsys to Acquire WhiteHat Security from NTT

Acquisition expands security software-as-a-service capabilities.

CISA: Log4Shell Was the Most-Exploited Vulnerability in 2021

Internet-facing zero-day vulnerabilities were the most commonly used types of bugs in 2021 attacks, according to the international Joint Cybersecurity Advisory (JCSA).

Tenable's Bit Discovery Buy Underscores Demand for Deeper Visibility of IT Assets

The four-year-old firm, started by two industry veterans, focuses on gaining visibility into Internet-facing services as more companies seek insight into what attackers see.

Coca-Cola Investigates Data-Theft Claims After Ransomware Attack

The Stormous ransomware group is offering purportedly stolen Coca-Cola data for sale on its leak site, but the soda giant hasn't confirmed that the heist happened.

5-Year Vulnerability Trends Are Both Surprising and Sadly Predictable

What 5,800+ pentests show us: Companies have been struggling with the same known and preventable security bugs year over year. Bandwidth stands at the heart of the problem.

How Industry Leaders Should Approach Open Source Security

Here's how to reduce security risk and gain the benefits of open source software.

Log4j Attack Surface Remains Massive

Four months after the Log4Shell vulnerability was disclosed, most affected open source components remain unpatched, and companies continue to use vulnerable versions of the logging tool.

How Do I Report My Security Program's ROI?

If security leaders focus on visibility and metrics, they can demonstrate their programs' value to company leadership and boards.

Tenable Acquires External Attack Surface Management Vendor for $44.5M

Acquisition will add Internet-facing attack surface mapping and monitoring to Tenable's internal asset management products.

The Ins and Outs of Secure Infrastructure as Code

The move to IaC has its challenges but done right can fundamentally improve an organization's overall security posture.

CISA Taps Veteran CISO Bob Lord for Technical Adviser Role

Lord previously spearheaded security for the Democratic National Committee and held leadership roles at companies including Yahoo, Rapid7, and Twitter.

The XDR Revolution: Threat Detection and Response for All!

In this webinar replay, Omdia outlines the ways in which XDR facilitates faster and easier threat detection and response, and key points organizations should consider when evaluating XDR technology.

API Attacks Soar Amid the Growing Application Surface Area

With Web application programming interface (API) traffic growing quickly, the average cloud-focused company sees three times more attacks.

Cyber Conflict Overshadowed a Major Government Ransomware Alert

The FBI warns that ransomware targets are no longer predictably the biggest, richest organizations, and that attackers have leveled up to victimize organizations of all sizes.

Introducing Apostro: A Risk Management Platform for Web3 Security

Apostro's system will monitor all transactions to identify malicious behavior that can cause damage to DeFi protocols.

SecurityScorecard Launches Cyber Risk Quantification Portfolio

SecurityScorecard's Cyber Risk Quantification portfolio helps customers understand the financial impact of a cyber-attack.

What the ECDSA Flaw in Java Means for Enterprises

This Tech Tip reminds developers and security teams to check what version of Java they are running. Whether they are vulnerable to the ECDSA flaw boils down to the version number.

Iranian Hacking Group Among Those Exploiting Recently Disclosed VMware RCE Flaw

Threat actor is using the flaw to deliver Core Impact backdoor on vulnerable systems, security vendor says.

North Korean State Actors Deploying Novel Malware to Spy on Journalists

Spear-phishing campaign loaded with new "Goldbackdoor" malware targeted journalists with NK News, analysts found.

When Security Meets Development: The DevSecOps Conundrum

The DevSecOps journey is well worth undertaking because it can improve communication, speed up development, and ensure quality products.

Mastercard Launches Next-Generation Identity Technology with Microsoft

New 'trust' tool improves online experience and helps tackle digital fraud.

Ukraine Invasion Driving DDoS Attacks to All-Time Highs

Unprecedented numbers of DDoS attacks since February are the result of hacktivists' cyberwar against Russian state interests, researchers say.

Trend Micro Launches New Security Platform

An ecosystem of native and third-party integrations provides visibility and control across the entire attack surface.

Overlapping ICS/OT Mandates Distract From Threat Detection and Response

It's time for regulators of critical infrastructure — including industrial control systems and operational technology — to focus more on operational resiliency.

Many Medical Device Makers Skimp on Security Practices

Barely over a quarter of medical device companies surveyed maintain a software bill-of-materials, and less than half set security requirements at the design stage.

Sophos Buys Alert-Monitoring Automation Vendor

Acquisition of cloud-based alert security company will help Sophos automate tasks bogging down security teams, the company says.

Neustar Security Services’ UltraDNS Integrates Terraform for Streamlined, Automated DNS Management

UltraDNS Terraform Provider enhances productivity, change management.

FBI Warns Ransomware Attacks on Agriculture Co-ops Could Upend Food Supply Chain

Ransomware groups are looking to strike large agriculture cooperatives during strategic seasons, when they are most vulnerable, according to law enforcement.