Lessons From the GitHub Cybersecurity Breach

This Tech Tip outlines three steps security teams should take to protect information stored in Salesforce.

4 Data Security Best Practices You Should Know

There are numerous strategies to lessen the possibility and effects of a cyberattack, but doing so takes careful planning and targeted action.

Adversaries Continue Cyberattacks with Greater Precision and Innovative Attack Methods According to NETSCOUT Report

TCP-based, DNS water-torture, and carpet-bombing attacks dominate the DDoS threat landscape, while Ireland, India, Taiwan, and Finland are battered by DDoS attacks resulting from the Russia/Ukraine war.

Netography Upgrades Platform to Provide Scalable, Continuous Network Security and Visibility

Netography Fusion® gives security and cloud operations teams visibility and control of network traffic and context across users, applications, data, and devices.

IaC Scanning: A Fantastic, Overlooked Learning Opportunity

Infrastructure as code can help teams build more consistently in the cloud. But who owns it? Are teams getting the insights they need from your IaC security tool?

MITRE's FiGHT Focuses on 5G Networks

MITRE's new FiGHT framework describes adversary tactics and techniques used against 5G systems and networks.

7 Metrics to Measure the Effectiveness of Your Security Operations

SOC metrics will allow stakeholders to track the current state of a program and how it's supporting business objectives.

BlackCat/ALPHV Gang Adds Wiper Functionality as Ransomware Tactic

Using its "Exmatter" tool to corrupt rather than encrypt files signals a new direction for financially motivated cybercrime activity, researchers say.

Organizations Finding the Need for New Approaches on the Cybersecurity Front, CompTIA Research Reveals

Settling for "satisfactory" level of readiness may underestimate growing levels of risk.

Fake Sites Siphon Millions of Dollars in 3-Year Scam

A crime syndicate based in Russia steals millions of dollars from credit card companies using fake dating and porn sites on hundreds of domains to rack up fraudulent charges.

Despite Recession Jitters, M&A Dominates a Robust Cybersecurity Market

Funding has been somewhat lower than last year, but investment remains healthy, analysts say, amid thirst for cloud security in particular.

Russia Planning Cyberattacks on Ukraine's Energy Grid

Ukraine military intelligence says Russia is planning cyberattacks on the country's energy sector, as well as against allies including Poland and the Baltic states.

Cyber Threat Alliance Extends Membership to 6+ Leading Cybersecurity Companies

CTA now has 36 members headquartered in 11 countries who follow cyber activities across the world, showing cybersecurity industry members realize the value in collaboration.

Samsung Fails Consumers in Preventable Back-to-Back Data Breaches, According to Federal Lawsuit

Company unnecessarily collected consumers' personal data and failed to safeguard it, suit alleges, leading to two back-to-back data breaches.

Should Hacking Have a Code of Conduct?

For white hats who play by the rules, here are several ethical tenets to consider.

How Quantum Physics Leads to Decrypting Common Algorithms

YouTuber minutephysics explains how Shor's algorithm builds on existing formulae like Euclid's algorithm and Fourier transforms to leverage quantum superpositioning and break encryption.

We're Thinking About SaaS the Wrong Way

Many enterprise applications are built outside of IT, but we still treat the platforms they're built with as point solutions.

App Developers Increasingly Targeted via Slack, DevOps Tools

Slack, Docker, Kubernetes, and other applications that allow developers to collaborate have become the latest vector for software supply chain attacks.

Malicious Apps With Millions of Downloads Found in Apple App Store, Google Play

The ongoing ad fraud campaign can be traced back to 2019, but recently expanded into the iOS ecosystem, researchers say.

CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit

The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government.

Cyberattackers Compromise Microsoft Exchange Servers via Malicious OAuth Apps

Cybercriminals took control of enterprise Exchange Servers to spread large amounts of spam aimed at signing people up for bogus subscriptions.

How Europe Is Using Regulations to Harden Medical Devices Against Attack

Manufacturers need to document a medical device's intended use and operational environment, as well as plan for misuse, such as a cyberattack.

Neglecting Open Source Developers Puts the Internet at Risk

From creating a software bill of materials for applications your company uses to supporting open source projects and maintainers, businesses need to step up their efforts to help reduce risks.

Mitigating Risk and Communicating Value in Multicloud Environments

Protecting against risk is a shared responsibility that only gets more complex as you mix the different approaches of common cloud services.

Microsoft Looks to Enable Practical Zero-Trust Security With Windows 11

With the update, Microsoft adds features to allow easier deployment of zero-trust capabilities. Considering the 1.3 billion global Windows users, the support could make a difference.

Researchers Uncover Mysterious 'Metador' Cyber-Espionage Group

Researchers from SentinelLabs laid out what they know about the attackers and implored the researcher community for help in learning more about the shadowy group.

Developer Leaks LockBit 3.0 Ransomware-Builder Code

Code could allow other attackers to develop copycat versions of the malware, but it could help researchers understand the threat better as well.

CircleCI, GitHub Users Targeted in Phishing Campaign

Emails purporting to be an update to terms of service for GitHub and CircleCI instead attempt to harvest user credentials.

Time to Quell the Alarm Bells Around Post-Quantum Crypto-Cracking

Quantum computing's impact on cryptography is not a cliff that we'll all be forced to jump off of, according to Deloitte.

Feds Sound Alarm on Rising OT/ICS Threats From APT Groups

NSA and CISA release guidance on protecting against cybersecurity threats to operational technology and industrial control systems.

Malicious npm Package Poses as Tailwind Tool

Branded as a components library for two popular open source resources, Material Tailwind instead loads a Windows .exe that can run PowerShell scripts.

Allurity Acquires Spanish Multinational Aiuken Cybersecurity

.

Twitter's Whistleblower Allegations Are a Cautionary Tale for All Businesses

Businesses need to turn privacy and security into an advantage. Store less data, and live up to customer expectations that their information is protected. Take small steps, be transparent about data management, and chose partners carefully.

StackHawk Launches Deeper API Security Test Coverage to Improve the Security of APIs

Expansion of test coverage includes custom scan discovery, custom test scripts and custom test data for REST APIs, enabling developers to leave no paths untouched.

Palo Alto Networks 5G-Native Security Now Available on Microsoft Azure Private Multi-Access Edge Compute

.

Cyber Insurers Clamp Down on Clients' Self-Attestation of Security Controls

After one company suffered a breach that could have been headed off by the MFA it claimed to have, insurers are looking to confirm claimed cybersecurity measures.

Wintermute DeFi Platform Offers Hacker a Cut in $160M Crypto-Heist

The decentralized finance (DeFi) platform was the victim of an exploit for a partner's vulnerable code — highlighting a challenging cybersecurity environment in the sector.

Quantify Risk, Calculate ROI

SecurityScorecard's ROI Calculator helps organizations quantify cyber-risk to understand the financial impact of a cyberattack.

Threat Actor Abuses LinkedIn's Smart Links Feature to Harvest Credit Cards

The tactic is just one in a constantly expanding bag of tricks that attackers are using to get users to click on links and open malicious documents.

Sophisticated Hermit Mobile Spyware Heralds Wave of Government Surveillance

At the SecTor 2022 conference in Toronto next month, researchers from Lookout will take a deep dive into Hermit and the shadowy world of mobile surveillance tools used by repressive regimes.

Hackers Paralyze 911 Operations in Suffolk County, NY

Reduced to pen, paper, and phones, 911 operators ask NYPD for backup in handling emergency calls.

Data Scientists Dial Back Use of Open Source Code Due to Security Worries

Data scientists, who often choose open source packages without considering security, increasingly face concerns over the unvetted use of those components, new study shows.

Don't Wait for a Mobile WannaCry

Attacks against mobile phones and tablets are increasing, and a WannaCry-level attack could be on the horizon.

15-Year-Old Python Flaw Slithers into Software Worldwide

An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559.

Ransomware: The Latest Chapter

As ransomware attacks continue to evolve, beyond using security best practices organizations can build resiliency with extended detection and response solutions and fast response times to shut down attacks.

Microsoft Brings Zero Trust to Hardware in Windows 11

A stacked combination of hardware and software protects the next version of Windows against the latest generation of firmware threats.

ChromeLoader Malware Evolves into Prevalent, More Dangerous Cyber Threat

Microsoft and VMware are warning that the malware, which first surfaced as a browser-hijacking credential stealer, is now being used to drop ransomware, steal data, and crash systems at enterprises.

2-Step Email Attack Uses Powtoon Video to Execute Payload

The attack uses hijacked Egress branding and the legit Powtoon video platform to steal user credentials.

Beware of Phish: American Airlines, Revolut Data Breaches Expose Customer Info

The airline and the fintech giant both fell to successful phishing attacks against employees.

Cast AI Introduces Cloud Security Insights for Kubernetes

The release augments the company's Kubernetes management platform with free, user-friendly insight on security postures, along with cost monitoring and observability.

Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords

It's called "spell-jacking": Both browsers have spell-check features that send data to Microsoft and Google when users fill out forms for websites or Web services.

Survey Shows CISOs Losing Confidence in Ability to Stop Ransomware Attacks

Despite an 86% surge in budget resources to defend against ransomware, 90% of orgs were impacted by attacks last year, a survey reveals.

How to Dodge New Ransomware Tactics

The evolving tactics increase the threat of ransomware operators, but there are steps organizations can take to protect themselves.

No Motivation for Quantum Without Regulatory Push

What's it going to take to prod organizations to implement a post-quantum security plan? Legislative pressure.

New Kaspersky EDR Optimum Further Simplifies Protection Against Evasive Threats

.

ThreatQuotient Enhances Data-Driven Automation Capabilities With New ThreatQ TDR Orchestrator Features

Focused on bringing ease of use to IT security automation, ThreatQ TDR Orchestrator addresses industry needs for simpler implementation and more efficient operations.

SASE Bucks Economic Uncertainty With Over 30% Growth in 2Q 2022, According to Dell'Oro Group

Overall SASE Spend on Pace to Top $6 Billion in 2022.

Invicti Security and ESG Report on How Companies are Shifting for Higher Quality, Secure Application Code

The balance of deploying secure applications vs. time to market continues to be the biggest risk to organizations.

Byos Releases Free Assessment Tool to Provide Companies With Tailored Network Security Recommendations

Assessment tool instantly generates a detailed report breaking down a company’s current network security maturity and recommended next steps.

Water Sector Will Benefit From Call for Cyber Hardening of Critical Infrastructure

A call for federal agency "review and assessment" of cyber-safety plans at water treatment plants should better protect customers and move the industry forward.