Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
The new 'Aviary' dashboard will help visualize and analyze output from Sparrow, a CISA-developed tool for detecting potentially malicious activity in Microsoft Azure and Microsoft 365 environments. [Read More]
Cisco patches a critical vulnerability in an SD-WAN software product but warned that a different high-risk bug in end-of-life small business routers will remain unpatched. [Read More]
Proofpoint warns that attackers are leveraging compromised supplier accounts and supplier impersonation to send malware, steal credentials and perpetrate invoicing fraud. [Read More]
Researchers have discovered FlixOnline, new Android malware that uses Netflix as its lure and spreads malware via auto-replies to WhatsApp messages. [Read More]
A joint report from SAP and Onapsis warns that advanced threat actors are targeting new vulnerabilities in SAP applications within days after the availability of security patches. [Read More]
Researchers report that a subgroup of the Molerats APT is employing voice changing software in attacks targeting regional adversaries and political opponents. [Read More]
In a new pilot program, the U.S. DoD invites the HackerOne community to remotely test the participating DoD contractors’ assets and report on any identified vulnerabilities. [Read More]
The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) warns that APT actors are exploiting Fortinet FortiOS vulnerabilities in attacks targeting commercial, government, and technology services networks. [Read More]
VMWare fixes a serious URL-handling vulnerability in the Carbon Black administrative interface and warns of authentication bypass and potential code execution risks. [Read More]
Researchers warns that tens of thousands of QNAP SOHO NAS devices potentially impacted by unpatched remote code execution flaws. [Read More]
- 1 of 86
- ››
FEATURES, INSIGHTS // Identity & Access
Josh Goldfarb debunks the most common myths surrounding fraud, security and user experience.
Domain controllers, Active Directory, and servers are prime reconnaissance targets to hunt for additional privileged credentials and privileged access.
Ultimately, organizations must assume that bad actors are already in their networks. And consumers must realize they’re constant targets.
Today’s dynamic threatscape requires security professionals to adjust to an ever-expanding attack surface.
The tactics, techniques, and procedures (TTPs) used in the Twitter attack were not much different than in the majority of other data breaches and serve as valuable lessons for designing a modern cyber defense strategy.
Let’s look at some real-world examples of the identity management challenges remote work is creating, and at what it means to rethink identity governance and lifecycle to meet those challenges.
The integration of identity with security is still work in progress, with less than half of businesses having fully implemented key identity-related access controls according to a research study.
Today’s economic climate exacerbates risks of insider threats, as pending furloughs or pay cuts may tempt employees to exfiltrate data to secure a new job, make up for income losses, etc.
With IT budgets being cut back in response to the economic contraction caused by the current health crisis, security teams need to deliver more with less.
Static passwords lack the ability to verify whether the user accessing data is authentic or just someone who bought a compromised password.
- 1 of 10
- ››
Get the Daily Briefing
- Vulnerabilities in OpENer Stack Expose Industrial Devices to Attacks
- How the Kremlin Provides a Safe Harbor for Ransomware
- Critical Vulnerability Can Allow Attackers to Hijack or Disrupt Juniper Devices
- Industry Reactions to FBI Cleaning Up Hacked Exchange Servers: Feedback Friday
- More Countries Officially Blame Russia for SolarWinds Attack
- Sanctioned Russian IT Firm Was Partner With Microsoft, IBM
- Google Project Zero Announces 2021 Updates to Vulnerability Disclosure Policy
- Google Broke Australian Law Over Location Data Collection: Court
- Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack
- Cloud Forensics Firm Cado Security Raises $10 Million in Series A Funding
Copyright © 2021 Wired Business Media. All Rights Reserved. Privacy Policy