Exposed Kubernetes Clusters, Kubelet Ports Can Be Abused in Cyberattacks

Organizations must ensure their kubelets and related APIs aren’t inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.

Space Force Expands Cyber Defense Operations

Space Force's Delta 6 cyber-defense group adds squadrons, updates legacy Satellite Control Network.

Scammer Behind $568M International Cybercrime Syndicate Gets 4 Years

The 14th defendant behind The Infraud Organization contraband marketplace has been sentenced, this time for one count of racketeering.

New Chaos Malware Variant Ditches Wiper for Encryption

The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes.

ChromeLoader Malware Hijacks Browsers With ISO Files

The malware's abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections.

Physical Security Teams' Impact Is Far-Reaching

Here's how physical security teams can integrate with the business to identify better solutions to security problems.

Taking the Danger Out of IT/OT Convergence

The Colonial Pipeline attack highlighted the risks of convergence. Unified security provides a safer way to proceed.

Microsoft Unveils Dev Box, a Workstation-as-a-Service

Microsoft Dev Box will make it easier for developers and hybrid teams to get up and running with workstations already preconfigured with required applications and tools.

Broadcom Snaps Up VMware in $61B Deal

Massive merger will put Broadcom's Symantec and VMware's Carbon Black under one roof.

Lacework Announces Layoffs, Restructuring

The cloud-security company blames "seismic" market shifts for shakeup.

Third-Party Scripts on Websites Present a 'Broad & Open' Attack Vector

Nearly half of the world's largest websites use externally generated JavaScript that makes them ripe targets for cyberattackers interested in stealing data, skimming credit cards, and executing other malicious actions.

Twitter Fined $150M for Security Data Misuse

Twitter is charged with using emails and phone numbers ostensibly collected for account security to sell targeted ads.

The FDA's New Cybersecurity Guidance for Medical Devices Reminds Us That Safety & Security Go Hand in Hand

The new draft guidance on premarket submissions incorporates quality system regulations and doubles down on a life-cycle approach to product security.

VMware, Airline Targeted as Ransomware Chaos Reigns

Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.

Big Cyber Hits on GM, Chicago Public Schools, & Zola Showcase the Password Problem

Credential-stuffing attacks against online accounts are still popular, and they work thanks to continuing password reuse.

Act Now: Leveraging PCI Compliance to Improve Security

Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall — security as a process — not just comply with new standards.

Quanta Servers Caught With 'Pantsdown' BMC Vulnerability

Researchers discover 3-year-old critical firmware vulnerability, running in popular cloud servers used to power hyperscalers and cloud providers alike.

Most Common Threats in DBIR

Supply chain and ransomware attacks increased dramatically in 2021, which explains why so many data breaches in Verizon's "2022 Data Breach Investigations Report" were grouped as system intrusion.

Forescout Launches Forescout Frontline to Help Organizations Tackle Ransomware and Real Time Threats

New threat hunting and risk identification service provides organizations with an enterprise-wide baseline of their threat landscape and risk exposure.

Is Your Data Security Living on the Edge?

Gartner's security service edge fundamentally changes how companies should be delivering data protection in a cloud and mobile first world.

Interpol's Massive 'Operation Delilah' Nabs BEC Bigwig

A sprawling, multiyear operation nabs a suspected SilverTerrier BEC group ringleader, exposing a massive attack infrastructure and sapping the group of a bit of its strength.

JFrog Launches Project Pyrsia to Help Prevent Software Supply Chain Attacks

Open source software community initiative utilizes blockchain technology.

Mastercard Launches Cybersecurity “Experience Centre”

Experience Centre features emerging Mastercard products and solutions for securing digital payments on a global scale, including those developed locally in Vancouver.

Qualys to Unveil VMDR 2.0 at Qualys Security Conference in San Francisco

Company will detail enhancements to Vulnerability Management, Detection and Response solution next month.

Corelight Announces New SaaS Platform for Threat Hunting

Corelight Investigator aids threat hunting and investigation through intelligent alert aggregation, built-in queries and scalable search

Cybersecurity-Focused SYN Ventures Closes $300 Million Fund II

Cylance co-founder Ryan Permeh has joined full time as an operating partner.

Vishing Attacks Reach All Time High, According to Latest Agari and PhishLabs Report

According to the findings, vishing attacks have overtaken business email compromise as the second most reported response-based email threat since Q3 2021.

Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message

Google has disclosed a nasty set of six bugs affecting Zoom chat that can be chained together for MitM and RCE attacks, no user interaction required.

Meet the 10 Finalists in the RSA Conference Innovation Sandbox

This year's finalists tackle such vital security concerns as permissions management, software supply chain vulnerability, and data governance. Winners will be announced June 6.

Brexit Leak Site Linked to Russian Hackers

Purporting to publish leaked emails of pro-Brexit leadership in the UK, a new site's operations have been traced to Russian cyber-threat actors, Google says.

Spring Cleaning Checklist for Keeping Your Devices Safe at Work

Implement zero-trust policies for greater control, use BYOD management tools, and take proactive steps such as keeping apps current and training staff to keep sensitive company data safe and employees' devices secure.

CLOP Ransomware Activity Spiked in April

In just one month, the ransomware group's activity rose by 2,100%, a new report finds.

Industry 4.0 Points Up Need for Improved Security for Manufacturers

With manufacturing ranking as the fourth most targeted sector, manufacturers that understand their exposure will be able to build the necessary security maturity.

DDoS Extortion Attack Flagged as Possible REvil Resurgence

A DDoS campaign observed by Akamai from actors claiming to be REvil would represent a major pivot in tactics for the gang.

DBIR Makes a Case for Passwordless

Verizon's "2022 Data Breach Investigations Report" repeatedly makes the point that criminals are stealing credentials to carry out their attacks.

'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds

Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out.

Microsoft Elevation-of-Privilege Vulnerabilities Spiked Again in 2021

But there was a substantial drop in the overall number of critical vulnerabilities that the company disclosed last year, new analysis shows.

New Attack Shows Weaponized PDF Files Remain a Threat

Notable new infection chain uses PDF to embed malicious files, load remote exploits, shellcode encryption, and more, new research shows.

DeFi Is Getting Pummeled by Cybercriminals

Decentralized finance lost $1.8 billion to cyberattacks last year — and 80% of those events were the result of vulnerable code, analysts say.

New Connecticut Privacy Law Makes Path to Compliance More Complex

As states address privacy with ad-hoc laws, corporate compliance teams try to balance yet another set of similar but diverging requirements.

XM Cyber Adds New Security Capability for Microsoft Active Directory

Company to debut its AD capabilities at the 2022 RSA Conference.

Strong Password Policy Isn't Enough, Study Shows

New analysis reveals basic regulatory password requirements fall far short of providing protection from compromise.

Netskope Expands Data Protection Capabilities to Endpoint Devices and Private Apps

New features include context-aware, zero-trust data protection on local peripherals and devices.

Nisos Announces $15 Million in Series B Funding Round

New funding led by global cyber investor Paladin Capital Group, alongside existing investors Columbia Capital and Skylab Capital.

Crypto Hacks Aren't a Niche Concern; They Impact Wider Society

Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace.

Multiple Governments Buying Android Zero-Days for Spying: Google

An analysis from Google TAG shows that Android zero-day exploits were packaged and sold for state-backed surveillance.

QuSecure Carves Out Space in Quantum Cryptography With Its Vision of a Post-RSA World

NIST may be on the brink of revealing which post-quantum computing encryption algorithms it is endorsing, solidifying commercial developments like QuProtect.

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.

Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT

Analysts have seen a massive spike in malicious activity by the XorDdos Trojan in the last six months, against Linux cloud and IoT infrastructures .

Why the Employee Experience Is Cyber Resilience

A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.

Valeo Networks Acquires Next I.T.

Next I.T. is the sixth and largest acquisition to date for Valeo Networks.

Kingston Digital Releases Touch-Screen Hardware-Encrypted External SSD for Data Protection

IronKey Vault Privacy 80 External SSD safeguards against brute-force attacks and BadUSB with digitally-signed firmware.

After the Okta Breach, Diversify Your Sources of Truth

What subsequent protections do you have in place when your first line of defense goes down?

Chatbot Army Deployed in Latest DHL Shipping Phish

In a new phishing tactic, faux chatbots establish a conversation with victims to guide them to malicious links, researchers say.

Partial Patching Still Provides Strong Protection Against APTs

Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.

Quantum Key Distribution for a Post-Quantum World

New versions of QKD use separate wavelengths on the same fiber, improving cost and efficiency, but distance is still a challenge.

Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication

Two of Microsoft's Patch Tuesday updates need a do-over after causing certificate-based authentication errors.

Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap

To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.

New Open Source Project Brings Consistent Identity Access to Multicloud

Hexa and IDQL allow organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.

More Than 1,000 Cybersecurity Career Pursuers Complete the (ISC)² Entry-Level Cybersecurity Certification Pilot Exam

New professional certification program establishes a pathway into the workforce for students and career changers by demonstrating their foundational knowledge, skills and abilities to employers.