Google Translate Helps BEC Groups Scam Companies in Any Language

BEC gangs Midnight Hedgehog and Mandarin Capybara show how online marketing and translation tools are making it easy for these threat groups to scale internationally.

Inglis Retires as National Cyber Director Ahead of Biden's Cybersecurity EO

The long-time NSA and cyber specialist says he's exiting the public sector.

Not Stoked: Burton Snowboards' Online Orders Disrupted After Cyberattack

The snow sports specialist is investigating to see what caused the operations-disrupting "cyber incident."

Massive GoAnywhere RCE Exploit: Everything You Need to Know

Weeks after an exploit was first announced in a popular cloud-based file transfer service, could some organizations still be vulnerable? The answer is yes.

AppSec Threats Deserve Their Own Incident Response Plan

With a rearranging of priorities and good incident response plans, organizations can be ready to face the future of software attacks.

Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats

It's a classic attacker move: Use security protections against those who deploy them. But organizations can still defuse and prevent these encrypted attacks.

ESXi Ransomware Update Outfoxes CISA Recovery Script

New ESXiArgs-ransomware attacks include a workaround for CISA's decryptor, researchers find.

Atlassian: Leaked Data Stolen via Third-Party App

SiegedSec threat group leaked data that Atlassian says was taken from app used to coordinate in-office resources.

SASE Market to Exceed Over $60B Between 2022 and 2027, According to Dell'Oro Group

MVP Vibe Fest Bridges Gap Between Athletics and Cybersecurity

Top athletes compete both on and off the track in a mix of track and field events and cyber games.

WatchGuard Launches New Line of Firewall Products to Enhance Unified Security for Remote and Distributed Businesses

Powered by WatchGuard’s Unified Security Platform® architecture, new Fireboxes deliver enhanced performance and added security capabilities that MSPs and IT admins can easily manage in WatchGuard Cloud.

Cybersecurity Jobs Remain Secure Despite Recession Fears

Only 10% of corporate executives expect to lay off members of cybersecurity teams in 2023, much lower than other areas, as companies protect hard-to-find skill sets.

SideWinder APT Spotted Targeting Crypto

The nation-state threat group has been attacking a wider range of victims and regions than previously thought.

Window Snyder's Startup Launches Security Platform for IoT Device Makers

Thistle's technology will give device makers a way to easily integrate features for secure updates, memory management, and communications into their products, Snyder says.

Simplify to Survive: How Organizations Can Navigate Cyber-Risk

Simplification can result in efficiencies, reduced overhead, and the ability to respond to cyber threats more quickly.

Descope Handles Authentication So Developers Don't Have To

Developers don't have to build authentication and user management from scratch, and can devote their energies to the core functions of the application, instead.

Infrastructure Risks Increase As IT and OT Converge

Explosive growth of devices associated with the Internet of Things and operational technologies gives attackers a larger pool of targets.

Oligo Security Takes Aim at Open Source Vulnerabilities

The startup's software helps organizations secure their containers in the cloud by teasing out which packages are running and which are vulnerable.

ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally

Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common.

Brivo Reveals Top Security Trends for 2023: Convenience Is King in Securing the Hybrid Workplaces of the Future

Factoring user experience and convenience into how employees and tenants access buildings is top concern for security professionals says benchmark industry survey.

Call for Speakers Now Open for the RH-ISAC Cyber Intelligence Summit

Retail & Hospitality ISAC invites industry leaders, experts, and innovators to submit proposals for presentations and panel discussions.

GAO Calls for Improved Data Privacy Protections

US federal watchdog agency outlines key measures for better protecting sensitive data under the federal government's control.

2023 Is the Year of Risk: 5 Ways to Prepare

2022 saw a record number of cyberattacks. In response, regulators are prescribing how companies should manage their risks. How do you prepare?

3 Ways CISOs Can Lead Effectively and Avoid Burnout

Information security is a high-stakes field with sky-high expectations. Here's how CISOs can can offset the pressures and stay healthy.

What Purple Teams Wish Companies Knew

Here are some of the easily avoidable mistakes most companies made last year, gleaned from hundreds of cybersecurity engagements by red and blue teams.

Build Cyber Resiliency With These Security Threat-Mitigation Considerations

CISOs need to define their risk tolerance, identify specific critical data, and make changes based on strategic business goals.

IGEL Unveils COSMOS, the Unified End User Computing Platform for Secure, Managed Access to Any Cloud Workspace

Report Reveals Record-Breaking Year for Cyber Threats

5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant

As CPRA went into effect on January 1, latest CYTRIO research says 91% of companies still uncompliant with GDPR; 92% not compliant with CCPA and CPRA.

1898 & Co Launches New Cybersecurity Service for Critical Infrastructure

NIST's New Crypto Standard a Step Forward in IoT Security

The National Institute of Standards and Technology has settled on a standard for encrypting Internet of Things (IoT) communications, but many devices remain vulnerable and unpatched.

How Security Teams Can Protect Employees Beyond Corporate Walls

De-shaming security mistakes and taking the blame and punishment out of incident reporting can strengthen security efforts both inside and outside of the workplace.

Russian Cybercriminal Faces Decades in Prison for Hacking and Trading Operation

Vladislav Klyushin and co-conspirators used SEC filings stolen from the networks of Tesla, Roku, and other publicly traded companies to earn nearly $100 million in illegal trades.

Expel Tackles Cloud Threats With MDR for Kubernetes

The new managed detection and response platform simplifies cloud security for Kubernetes applications.

OT Network Security Myths Busted in a Pair of Hacks

How newly exposed security weaknesses in industrial wireless, cloud-based interfaces, and nested PLCs serve as a wake-up call for hardening the physical process control layer of the OT network.

9 New Microsoft Bugs to Patch Now

78 new CVEs patched in this month's batch — nearly half of which are remotely executable and three of which attackers already are exploiting.

Oakland City Services Struggle to Recover From Ransomware Attack

Fire emergency, 911 services functioning, along with Oakland financial systems, city says.

Configuration Issues in SaltStack IT Tool Put Enterprises at Risk

Researchers flag common misconfiguration errors and a template injection technique that could let an attacker take over the IT management network and connected systems.

Hospitals Sued for Using Meta's Ad-Tracking Code, Violating HIPAA

Lawsuits say hospitals using Meta Pixel code violated patient privacy — sharing conditions, medications, and more with Facebook.

Why SecDataOps Is the Future of Your Security Program

The goal: Ensure that data is always finely curated and accessible, and that security decisions get made with high-fidelity data.

Vaultree Appoints Technology Industry Veteran Rinki Sethi to Its Board of Directors

Cyber-Physical Systems Vulnerability Disclosures Reach Peak, While Disclosures by Internal Teams Increase 80% Over 18 Months

State of XIoT Security Report: 2H 2022 from Claroty's Team82 reveals positive impact by researchers on strengthening XIoT security and increased investment among XIoT vendors in securing their products.

Ping Identity and Deloitte Forge Alliance to Give Organizations Advanced Identity and Access Solutions

ThreatConnect Closes 2022 with Accelerated Growth in Threat Intelligence Operations (TI Ops)

SynSaber Launches a Free OT PCAP Analyzer Tool for the Industrial Security Community

Lessons All Industries Can Learn From Automotive Security

Industry standards must evolve as digital transformation makes all companies software companies. Security testing boosts development speed and software quality.

Embattled VMware ESXi Hypervisor Flaw Exploitable in Myriad Ways

It's not just Internet-accessible hosts that are vulnerable, researchers say.

Dark Web Revenue Down Dramatically After Hydra's Demise

Competitor markets working to replace Hydra's money-laundering services for cybercriminals.

9 Scammers Busted for 5M Euro Phishing Fraud Ring

The network is alleged to have operated 100 bank accounts and stolen millions from American people and companies.

Accenture Acquires Morphus, Brazil-Based Cybersecurity Company

Morphus's deep cybersecurity research expertise, cyber defense and threat intelligence services widen Accenture's cybersecurity footprint in Latin America.

Healthcare in the Crosshairs of North Korean Cyber Operations

CISA, FBI, and South Korean intelligence agencies warn that the North Korean government is sponsoring ransomware attacks to fund its cyber-espionage activities.

Russian Hackers Disrupt NATO Earthquake Relief Operations

Killnet claims DDoS attack against NATO Special Operations Headquarters, Strategic Airlift Capability, and more.

What Happened to #OpRussia?

The cyberwar to attack Russia has never really stopped, despite a decreasing interest from the West.

Reddit Hack Shows Limits of MFA, Strengths of Security Training

A tailored spear-phishing attack successfully convinced a Reddit employee to hand over their credentials and their one-time password, but soon after, the same worker notified security.

Trickbot Members Sanctioned for Pandemic-Era Ransomware Hits

The US Treasury Department linked the notorious cybercrime gang to Russian Intelligence Services because cyberattacks that disrupted hospitals and other critical infrastructure align with Russian state interests.

Integreon Launches Cyber Incident Response Offering with Development of AI-Based Review and Integration of RadarFirst

MagicWeb Mystery Highlights Nobelium Attacker's Sophistication

The authentication bypass used by the Nobelium group, best known for the supply chain attack on SolarWinds, required a massive, real-time investigation to uncover, Microsoft says.

Malicious Game Mods Target Dota 2 Game Users

Valve's unpatched JavaScript engine and incomplete modification vetting process for Steam-delivered mods led to user systems being backdoored.

Attacker Allure: A Look at the Super Bowl's Operational Cyber-Risks

Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience.

Addressing the Elephant in the Room: Getting Developers & Security Teams to Work Together

Bridging the divide between developers and security can create a culture change organically.