The International Security Foundation (ISF) announced that Secretary Madeleine Albright is the ISF 10th Anniversary Speaker for the ISF Virtual Reception on Wednesday, November 17, 2021, 5 PM EDT. The global virtual event, hosted by the ISF during OSAC’s virtual Annual Briefing week, celebrates OSAC’s private-public partnership with the OSAC Awards and celebrates the ISF’s 10th anniversary.

Sophos researchers have discovered a malware campaign whose primary purpose appears to stray from the more common malware motives. Instead, say the researchers, it appears to steal passwords or to extort a computer's owner for ransom, blocking infected users' computers from being able to visit a large number of websites dedicated to software piracy by modifying the HOSTS file on the infected system.

Many adversaries now take advantage of new vulnerabilities and convert them into weaponized attacks very easily and very quickly, while the extreme adversaries are now focusing on supply chain and targeted attacks. This combination makes for a very challenging environment for any modern enterprise. 

Inon Shkedy, Head of Security Research for Traceable, who also serves as the API Security Project Lead at OWASP and has co-authored the OWASP API Top 10, talks to Security about API security risks.

Avanan analysts have recently discovered an exploit vector in Google Docs that attackers are using to deliver malicious phishing websites to victims.

Microsoft’s Edna Conway, Chief Security and Risk Officer of Azure, will lead a webinar, Operational Resilience in a Hyperconnected World, on June 17, 2021 at 2:00 p.m. EDT, and provide a real-world, tangible approach to address security and resilience to support you in your journey to operational resilience. 

With the assistance and coordination of Interpol and law enforcement officers from the Republic of Korea and the United States, Ukrainian police have arrested six alleged members of the Clop ransomware gang. 

Just as organizations require a show of security and compliance due diligence for their enterprise applications, so should they be doing for their IoT devices. They should also be putting this same pressure on their suppliers.

The McAfee Advanced Threat Research team (ATR) uncovered a flaw (CVE-2021-33887) in the Android Verified Boot (AVB) process that left the Peloton vulnerable. 

Regardless of whether employees are on-site or remote, this convenience is now a permanent cyber-risk for businesses. Listed below are the top 5 challenges in this new hybrid environment: