Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

A high-powered joint advisory calls attention to gaping holes in perimeter-type devices like VPN appliances, network access gateways and enterprise cloud applications. [Read More]
Google shares bug-bounty financial data and launches a new initiative to bring all of its vulnerability reporting programs into a single online platform. [Read More]
Apple ships an out-of-band security update and warns of active zero-day attacks targeting macOS and iOS users. [Read More]
Mozilla has completely removed support for the File Transfer Protocol (FTP) from in the latest release of its flagship Firefox browser. [Read More]
Intezer warns that threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners. [Read More]
Kaseya has obtained a universal decryptor that should allow victims of the recent REvil ransomware attack to recover their files. [Read More]
European bug bounty platform YesWeHack has banked $18.8 million in Series B funding to fuel international expansion. [Read More]
New Google Cloud offerings aim to help federal, state, and local government organizations in the U.S. implement zero-trust architecture. [Read More]
The CloudKnox deal is Microsoft’s fourth cybersecurity acquisition over the last 12 months and comes just weeks after Redmond announced plans to purchase threat-intelligence vendor RiskIQ. [Read More]
French President Emmanuel Macron leads a list of 14 current or former heads of state who may have been targeted for hacking by clients of the notorious Israeli spyware firm NSO Group, Amnesty International said Tuesday. [Read More]

FEATURES, INSIGHTS // Malware

rss icon

Idan Aharoni's picture
The fact that so many large and high-profile enterprises fall prey to ransomware attacks that in many cases does not pose any new technical challenge suggests that there are still many gaps that needs to be closed.
Gordon Lawson's picture
Threat hunting must be non-attributable, while maintaining a clear audit trail to satisfy legal and governance requirements.
Derek Manky's picture
Each side of the public-private collaboration has resources and capabilities that shore up the other and increase effectiveness in combatting cybercrime.
Tim Bandos's picture
The ransomware threat could still become more pervasive over the next two to three years, not because ransomware is effective in and of itself but because of other players in the game continue to fan the flames.
Derek Manky's picture
2020 has taught us to revisit the practice of inspecting encrypted traffic. These are all standard security protocols to step up in light of what cybercriminals are doing now.
Joshua Goldfarb's picture
Playing whack-a-mole with malicious code infections, phishing sites, and compromised credentials won’t help an enterprise reduce losses due to fraud.
Torsten George's picture
Ransomware is just one of many tactics, techniques, and procedures (TTPs) that threat actors are using to attack organizations by compromising remote user devices.
John Maddison's picture
Intent-based segmentation, deception technology, and an integrated security fabric are essential tools in beating malware designed to avoid detection and analysis.
Justin Fier's picture
The origin story of Mimikatz — a post-exploitation module that has enabled criminals to steal millions of passwords around the world — reads like an over-the-top spy thriller.
Siggi Stefnisson's picture
The truth is that quite a lot of malware is developed by an organization—an actual office of people that show up and spend their working day writing malware for a paycheck.