Because cybersecurity events are complicated, we rely on analogies to understand how they work. Analogies are useful, but certain oversimplifications are perpetuating inaccurate narratives. These inaccuracies misdirect productive discussion and as a result, proposed policy and solutions are being based on faulty assumptions. A faulty premise can only yield flawed results…and cyber national security is not an area in which the United States has margin for error.
Bitdefender security researchers have discovered a threat group likely based in Romania that's been active since at least 2020. They've been targeting Linux-based machines with weak SSH credentials, mainly to deploy Monero mining malware, but their toolbox allows for other kinds of attacks.
SonicWall has issued an "urgent security notice" warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.
Salt Labs researchers investigated a large financial institution’s online platform that provides API services to thousands of partner banks and financial advisors. As a result of multiple API vulnerabilities, researchers were able to launch attacks where:
I dare to say this: “companies need to stop playing the game of pin the blame on the developer whenever a security vulnerability is discovered or exploited in applications.” Rather than pointing fingers at developers, organizations need to empower these professionals to help them build and expand their cloud-based initiatives without having to worry about security.
Fashion retailer Guess recently announced a data breach that compromised 1,300 people and their information, including account numbers, debit and credit card numbers, social security numbers, access codes and personal identification numbers.
Digital Shadows published new research revealing that in the last four months, each of its clients experienced on average 360 domains impersonating their company and brand name – nearly 1,100 per year, on average.
Morgan State University’s (MSU) Cybersecurity Assurance and Policy (CAP) Center has been awarded a $3.2 million National Science Foundation (NSF) grant to implement the agency’s novel CyberCorps Scholarship for Service (SFS) program at Morgan, providing 24 cybersecurity scholarships to undergraduate and graduate students.
In a Security magazine webinar, Fairwinds President Kendall Miller and Solutions’ Architect, Ivan Fetch, discuss what you need to know about Kubernetes security.
Well-meaning but negligent users are the biggest data loss risk: More than 70 percent of organizations say the biggest data loss risk is the well-meaning but negligent employee.
