Concentric AI Raises Series A Funding Led by Ballistic Ventures to Autonomously Secure Business-Critical Data

Round of $14.5M to support team of AI experts and cybersecurity leaders targeting overshared data with AI-based solutions for data access governance and loss prevention.

Breaking Down the Strengthening American Cybersecurity Act

New federal cybersecurity rules will set timelines for critical infrastructure sector organizations — those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation — to report ransomware payments and cyberattacks to CISA. All parties have to comply for it to work and help protect assets.

Quantum Ransomware Strikes Quickly, How to Prepare and Recover

NYC-area cybersecurity expert shares the anatomy of a Quantum Ransomware attack and how to prevent, detect and recover from a ransomware attack, in a new article from eMazzanti Technologies.

Material Security Reaches $1.1 Billion Valuation for ‘Zero Trust’ Security on Microsoft and Google Email

Founders Fund leads $100 million Series-C financing, gaining the email security startup unicorn status two years after its launch.

SpyCloud Report: Fortune 1000 Employees Pose Elevated Cyber Risk to Companies

Analysis finds 687 million exposed credentials and personally identifiable information (PII) among Fortune 1000 employees, and a 64% password reuse rate.

Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers

IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.

The Danger of Online Data Brokers

Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.

Vanity URLs Could Be Spoofed for Social Engineering Attacks

Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns.

Novel Nerbian RAT Lurks Behind Faked COVID Safety Emails

Malicious emails with macro-enabled Word documents are spreading a never-before-seen remote-access Trojan, researchers say.

What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers

Microsoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn.

US Pledges to Help Ukraine Keep the Internet and Lights On

US State Department outlines coordinated government effort to provide Ukraine with cybersecurity intelligence, expertise, and resources amid invasion.

Lincoln College Set to Close After Crippling Cyberattack

COVID-19 and a December 2021 cyberattack combined to put the future of Abraham Lincoln's namesake college in peril.

Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print Spooler

Kaspersky researchers discovered that cybercriminals made approximately 65,000 attacks between July 2021 and April 2022.

Arctic Wolf Launches Arctic Wolf Labs Focused on Security Operations Research and Intelligence Reporting

New research-focused division focused on advancing innovation in the field of security operations.

5-Buck DCRat Malware Foretells a Worrying Cyber Future

The Dark Crystal remote access Trojan (aka DCRat) breaks a few stereotypes, with coding done by a solo developer, using an obscure Web language and offering it at a frighteningly low price.

Onapsis Announces New Offering to Jumpstart Security for SAP Customers

Company delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications .

Mastering the New CISO Playbook

How can you safeguard your organization amid global conflict and uncertainty?

How to Check If Your F5 BIG-IP Device Is Vulnerable

This Tech Tip walks network administrators through the steps to address the latest critical remote code execution vulnerability (CVE-2022-1388) in F5's BIG-IP management interface.

Joker, Other Fleeceware Surges Back Into Google Play

The infamous Joker threat is back in Google Play, along with other Trojanized mobile apps that secretly sign Android users up for paid subscription services.

Costa Rica Declares State of Emergency Under Sustained Conti Cyberattacks

Conti's ransomware attack cripples Costa Rica's Treasury, sparking the US to offer a $15M bounty on the group.

5 Tips to Protect Your Career Against a Narcissist

When you find yourself the target of a narcissist, familiarize yourself with their tactics and learn how to survive.

NFTs Emerge as the Next Enterprise Attack Vector

Cybersecurity has to be a top priority as enterprises begin incorporating the use of nonfungible tokens into their business strategies, brand-awareness campaigns, and employee-communication efforts, experts say.

Deloitte Launches Expanded Cloud Security Management Platform

The CSM by Deloitte platform includes cloud security policy orchestration, cyber predictive analytics, attack surface management, and cyber cloud managed services.

Security Stuff Happens: Where Do You Go From Here?

Despite what it may feel like when you're in the trenches after a security incident, the world doesn't stop moving. (Part 3 of a series.)

Post-Quantum Cryptography Set to Replace RSA, ECC

In the next 10 years, public-key encryption needs to be replaced by post-quantum techniques that can stand up to the new challenges.

Ikea Canada Breach Exposes 95K Customer Records

An unauthorized employee accessed Ikea's customer database, but it's unclear what the intention was.

What We've Learned in the 12 Months Since the Colonial Pipeline Attack

The attack may have been "a major wake-up call" about the need for greater resilience in IT environments, but have security teams hit the snooze bar one too many times?

Scammer Infects His Own Machine With Spyware, Reveals True Identity

An operational slip-up led security researchers to an attacker associated with Nigerian letter scams and malware distribution, after he infected himself with Agent Tesla.

White House Moves to Shore Up US Post-Quantum Cryptography Posture

Biden's executive order pushes new NIST quantum-cryptography standards and directs federal government to move toward quantum-resistant cybersecurity.

AT&T Expands Access to Advanced Secure Edge and Remote Workforce Capabilities

AT&T SASE with Cisco Meraki offers fully integrated network and security tools for convenient, high-performing, and protected access from anywhere

Passwords: Do Actions Speak Louder Than Words?

For most of us, passwords are the most visible security control we deal with on a regular basis, but we are not very good at it.

Colonial Pipeline 1 Year Later: What Has Yet to Change?

The incident was a devastating attack, but it exposed gaps in cybersecurity postures that otherwise would have gone unnoticed.

Microsoft, Apple, and Google Promise to Expand Passwordless Features

The passwordless future just became closer to reality, as Microsoft, Apple, and Google pledge to make the standard possible across operating systems and browsers.

Heroku: Cyberattacker Used Stolen OAuth Tokens to Steal Customer Account Credentials

The same attack that allowed a threat actor to steal data from private Heroku GitHub repositories also resulted in the compromise of customer credentials, the company now says.

NIST Issues Guidance for Addressing Software Supply-Chain Risk

Amid ongoing software supply-chain jitters, the US' top tech division is offering a finalized, comprehensive cybersecurity control framework for managing risk.

A Third of Americans Use Easy-to-Guess Pet Passwords

Far too many turn to Jingles, Mittens, or Bella for password inspiration, given that these are some of the easiest passwords to crack.

Critical Cisco VM-Escape Bug Threatens Host Takeover

The vendor also disclosed two other security vulnerabilities that would allow remote, unauthenticated attackers to inject commands as root and snoop on sensitive user information.

FBI: Bank Losses From BEC Attacks Top $43B

Law enforcement attributes a recent 65% spike in BEC attack losses to COVID-19 restrictions and the ongoing reality of a remote workforce.

Magnet Forensics Acquires Cybersecurity Software Firm Comae Technologies

The company will continue the development of Comae’s memory analysis platform and seek to incorporate its capabilities into existing solutions

Cisco Announces Cloud Controls Framework Is Now Available to Public

The Cisco CCF helps save resources by enabling organizations to achieve cloud security certifications more efficiently.

Multichannel Phishing Concerns Cybersecurity Leaders in 2022

With 80% of companies using cloud collaboration tools, cybercriminals are using multichannel phishing attacks to exploit security gaps in the hybrid work model.

1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its Skin

Researcher to reveal fresh details at Black Hat Asia on a tenacious cyber-espionage group attacking specific military, law enforcement, aviation, and other entities in Central and South Asia.

Docker Under Siege: Cybercriminals Compromise Honeypots to Ramp Up Attacks

Cloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware.

Why Security Matters Even More in Online Gaming

As the gaming sector booms, game publishers and gaming networks have been heavily targeted with distributed denial-of-service (DDoS) attacks in the last year.

GitHub to Developers: Turn on 2FA or Lose Access

All active GitHub users who contribute code will be required to enable at least one form of two-factor authentication by the end of 2023.

China-Backed Winnti APT Siphons Reams of US Trade Secrets in Sprawling Cyber-Espionage Attack

Operation CuckooBees uncovered the state-sponsored group's sophisticated new tactics in a years-long campaign that hit more than 30 tech and manufacturing companies.

Microsoft Releases Defender for SMBs

Microsoft's stand-alone version of Defender for SMBs promises to help SecOps teams automate detection, response, and recovery.

Q&A: How China Is Exporting Tech-Based Authoritarianism Across the World

The US has to adapt its own policies to counter the push, warns former DocuSign CEO and Under Secretary of State Keith Krach.

VHD Ransomware Variant Linked to North Korean Cyber Army

Researchers use code, Bitcoin transactions to link ransomware attacks on banks to DPRK-sponsored actors.

Security Stuff Happens: What Will the Public Hear When You Say You've Been Breached?

A company's response to a breach is more important than almost anything else. But what constitutes a "good" response following a security incident? (Part 2 of a series.)

AI for Cybersecurity Shimmers With Promise, but Challenges Abound

Companies see AI-powered cybersecurity tools and systems as the future, but at present nearly 90% of them say they face significant hurdles in making use of them.

What Star Wars Teaches Us About Threats

The venerable film franchise shows us how to take threats in STRIDE.

AutoRABIT Secures $26M in Series B Investment from Full In Partners to Expand DevSecOps Platform

AutoRABIT intends to direct the funding toward growth initiatives and product development.

Uptycs Announces New Cloud Identity and Entitlement Management (CIEM) Capabilities

Also adds support for Google Cloud Platform (GCP) and Microsoft Azure, and PCI compliance coverage.

SAC Health System Impacted By Security Incident

Six boxes of paper documents were removed from the facility without authorization in early March.

Aryaka, Carnegie Mellon’s CyLab to Research New Threat Mitigation Techniques

The security research partnership will focus on developing new techniques and releasing them as open source.

What Should I Know About Defending IoT Attack Surfaces?

The Internet of Things needs to be part of the overall corporate information security policy to prevent adversaries from using these devices as an entry point.

Syxsense Enterprise Unifies Endpoint Security and IT Management for Real-Time Vulnerability Monitoring and Remediation

IT Teams can now manage, detect, and secure all endpoints with 100% visibility across desktop, laptop, server, and mobile devices.

API Security Company Traceable AI Lands $60 Million Series B

Latest round led by IVP values the company at $450 million.

SolarWinds Attackers Gear Up for Typosquatting Attacks

The same infrastructure traced back to Russian-speaking threat group Nobelium is being used to set up misspelled domain names, presaging impersonation attacks bent on credential harvesting, analysts say.