How to Stop Attackers That Target Healthcare Imaging Data

Attribute-based encryption could help keep sensitive metadata off of the Dark Web.

Scrut Automation Raises Funding of $7.5M, Led by MassMutual Ventures, Lightspeed, and Endiya Partners

With the fresh capital, Scrut aims to focus on simplifying risk management and infosec compliance for cloud-native SaaS, Fintech, and Healthtech companies

Black Hat to Launch Official Certification Program

CREST Calls for Greater Equity, Inclusion and Diversity As Part of National Cyber Security Strategy

Malwarebytes Expands Platform With New Application Block Capabilities

Latest threat prevention module helps resource-strapped security teams block unsafe, untrusted or vulnerable applications.

Analysts Slam Twitter's Decision to Disable SMS-Based 2FA

Making the option available only to paid subscribers — while also claiming SMS authentication is broken — doesn't make sense, some say. Is it a cash grab?

Name That Toon: Join the Club

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Cyberthreats, Regulations Mount for Financial Industry

Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture.

Coinbase Crypto Exchange Ensnared in 'Oktapus'-Related Smishing Attack

Some employees' personal data was leaked, but the company responded swiftly to a socially engineered incident that gained access to legitimate employee login credentials.

Third-Party Providers Create Identity and Access Control Challenges for Fintech Apps

Fintech has drastically shifted the financial services industry toward digital technologies and, in so doing, has introduced a variety of new risks.

Israel's Top Tech University Targeted by DarkBit Ransomware

An Israeli university is being blackmailed by hackers. However, they aren't just after money but are looking to send a political message — and maybe something more.

Insider Threats Don't Mean Insiders Are Threatening

By implementing tools that enable internal users to do their jobs efficiently and securely, companies reduce insider threat risk by building insider trust.

Modern Software: What's Really Inside?

Open source has changed the software game from build or buy to assemble with care.

Despite Breach, LastPass Demonstrates the Power of Password Management

What's scarier than keeping all of your passwords in one place and having that place raided by hackers? Maybe reusing insecure passwords.

Majority of Ransomware Attacks Last Year Exploited Old Bugs

New research shows that 57 vulnerabilities that threat actors are currently using in ransomware attacks enable everything from initial access to data theft.

Researchers Create an AI Cyber Defender That Reacts to Attackers

The system based on deep reinforcement learning can adapt to defenders' tactics and stop 95% of simulated attacks, according to its developers.

Is OWASP at Risk of Irrelevance?

A growing group of OWASP members and board leaders are calling for the AppSec group to make big changes to stay apace with modern development.

Check Point Boosts AppSec Focus With CNAPP Enhancements

Established network security players like Check Point are responding to the shift to cloud-native applications, which have exposed more vulnerabilities in open source software supply chains.

Novel Spy Group Targets Telecoms in 'Precision-Targeted' Cyberattacks

The primary victims so far have been employees of telcos in the Middle East, who were hit with custom backdoors via the cloud, in a likely precursor to a broader attack.

Google Translate Helps BEC Groups Scam Companies in Any Language

BEC gangs Midnight Hedgehog and Mandarin Capybara show how online marketing and translation tools are making it easy for these threat groups to scale internationally.

Inglis Retires as National Cyber Director Ahead of Biden's Cybersecurity EO

The long-time NSA and cyber specialist says he's exiting the public sector.

Not Stoked: Burton Snowboards' Online Orders Disrupted After Cyberattack

The snow sports specialist is investigating to see what caused the operations-disrupting "cyber incident."

Massive GoAnywhere RCE Exploit: Everything You Need to Know

Weeks after an exploit was first announced in a popular cloud-based file transfer service, could some organizations still be vulnerable? The answer is yes.

AppSec Threats Deserve Their Own Incident Response Plan

With a rearranging of priorities and good incident response plans, organizations can be ready to face the future of software attacks.

Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats

It's a classic attacker move: Use security protections against those who deploy them. But organizations can still defuse and prevent these encrypted attacks.

ESXi Ransomware Update Outfoxes CISA Recovery Script

New ESXiArgs-ransomware attacks include a workaround for CISA's decryptor, researchers find.

Atlassian: Leaked Data Stolen via Third-Party App

SiegedSec threat group leaked data that Atlassian says was taken from app used to coordinate in-office resources.

SASE Market to Exceed Over $60B Between 2022 and 2027, According to Dell'Oro Group

MVP Vibe Fest Bridges Gap Between Athletics and Cybersecurity

Top athletes compete both on and off the track in a mix of track and field events and cyber games.

WatchGuard Launches New Line of Firewall Products to Enhance Unified Security for Remote and Distributed Businesses

Powered by WatchGuard’s Unified Security Platform® architecture, new Fireboxes deliver enhanced performance and added security capabilities that MSPs and IT admins can easily manage in WatchGuard Cloud.

Cybersecurity Jobs Remain Secure Despite Recession Fears

Only 10% of corporate executives expect to lay off members of cybersecurity teams in 2023, much lower than other areas, as companies protect hard-to-find skill sets.

SideWinder APT Spotted Targeting Crypto

The nation-state threat group has been attacking a wider range of victims and regions than previously thought.

Window Snyder's Startup Launches Security Platform for IoT Device Makers

Thistle's technology will give device makers a way to easily integrate features for secure updates, memory management, and communications into their products, Snyder says.

Simplify to Survive: How Organizations Can Navigate Cyber-Risk

Simplification can result in efficiencies, reduced overhead, and the ability to respond to cyber threats more quickly.

Descope Handles Authentication So Developers Don't Have To

Developers don't have to build authentication and user management from scratch, and can devote their energies to the core functions of the application, instead.

Infrastructure Risks Increase As IT and OT Converge

Explosive growth of devices associated with the Internet of Things and operational technologies gives attackers a larger pool of targets.

Oligo Security Takes Aim at Open Source Vulnerabilities

The startup's software helps organizations secure their containers in the cloud by teasing out which packages are running and which are vulnerable.

ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally

Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common.

Brivo Reveals Top Security Trends for 2023: Convenience Is King in Securing the Hybrid Workplaces of the Future

Factoring user experience and convenience into how employees and tenants access buildings is top concern for security professionals says benchmark industry survey.

Call for Speakers Now Open for the RH-ISAC Cyber Intelligence Summit

Retail & Hospitality ISAC invites industry leaders, experts, and innovators to submit proposals for presentations and panel discussions.

GAO Calls for Improved Data Privacy Protections

US federal watchdog agency outlines key measures for better protecting sensitive data under the federal government's control.

2023 Is the Year of Risk: 5 Ways to Prepare

2022 saw a record number of cyberattacks. In response, regulators are prescribing how companies should manage their risks. How do you prepare?

3 Ways CISOs Can Lead Effectively and Avoid Burnout

Information security is a high-stakes field with sky-high expectations. Here's how CISOs can can offset the pressures and stay healthy.

What Purple Teams Wish Companies Knew

Here are some of the easily avoidable mistakes most companies made last year, gleaned from hundreds of cybersecurity engagements by red and blue teams.

Build Cyber Resiliency With These Security Threat-Mitigation Considerations

CISOs need to define their risk tolerance, identify specific critical data, and make changes based on strategic business goals.

IGEL Unveils COSMOS, the Unified End User Computing Platform for Secure, Managed Access to Any Cloud Workspace

Report Reveals Record-Breaking Year for Cyber Threats

5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant

As CPRA went into effect on January 1, latest CYTRIO research says 91% of companies still uncompliant with GDPR; 92% not compliant with CCPA and CPRA.

1898 & Co Launches New Cybersecurity Service for Critical Infrastructure

NIST's New Crypto Standard a Step Forward in IoT Security

The National Institute of Standards and Technology has settled on a standard for encrypting Internet of Things (IoT) communications, but many devices remain vulnerable and unpatched.

How Security Teams Can Protect Employees Beyond Corporate Walls

De-shaming security mistakes and taking the blame and punishment out of incident reporting can strengthen security efforts both inside and outside of the workplace.

Russian Cybercriminal Faces Decades in Prison for Hacking and Trading Operation

Vladislav Klyushin and co-conspirators used SEC filings stolen from the networks of Tesla, Roku, and other publicly traded companies to earn nearly $100 million in illegal trades.

Expel Tackles Cloud Threats With MDR for Kubernetes

The new managed detection and response platform simplifies cloud security for Kubernetes applications.

OT Network Security Myths Busted in a Pair of Hacks

How newly exposed security weaknesses in industrial wireless, cloud-based interfaces, and nested PLCs serve as a wake-up call for hardening the physical process control layer of the OT network.

9 New Microsoft Bugs to Patch Now

78 new CVEs patched in this month's batch — nearly half of which are remotely executable and three of which attackers already are exploiting.

Oakland City Services Struggle to Recover From Ransomware Attack

Fire emergency, 911 services functioning, along with Oakland financial systems, city says.

Configuration Issues in SaltStack IT Tool Put Enterprises at Risk

Researchers flag common misconfiguration errors and a template injection technique that could let an attacker take over the IT management network and connected systems.

Hospitals Sued for Using Meta's Ad-Tracking Code, Violating HIPAA

Lawsuits say hospitals using Meta Pixel code violated patient privacy — sharing conditions, medications, and more with Facebook.

Why SecDataOps Is the Future of Your Security Program

The goal: Ensure that data is always finely curated and accessible, and that security decisions get made with high-fidelity data.

Vaultree Appoints Technology Industry Veteran Rinki Sethi to Its Board of Directors