- Microsoft Cloud Security Exec Talks New Tech, WFH, Gamification
Gunter Ollman explains the benefits of CPSM technology, how IT security teams have evolved, and how the pandemic has shaped security.
- Kmart Hit by Egregor Ransomware
Egregor is also behind recent attacks on UbiSoft and Barnes & Noble.
- BECs and EACs: What's the Difference?
Email accounts are common targets for attack. Understanding how attack types differ is critical for successful defense.
- Intel Doubles Down on Emerging Technologies for Sharing and Using Data Securely
Homomorphic encryption and federated learning could allow groups to share data and analysis while protecting the actual information.
- Flash Dies but Warning Signs Persist: A Eulogy for Tech's Terrible Security Precedent
Flash will be gone by the end of the year, but the ecosystem that allowed it to become a software security serial killer is ready to let it happen again.
- Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise – and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new norma …
- Potential Nation-State Actor Targets COVID-19 Vaccine Supply Chain
Companies involved in technologies for keeping vaccines cold enough for safe storage and transportation are being targeted in a sophisticated spear-phishing campaign, IBM says.
- TrickBot's New Tactic Threatens Firmware
A newly discovered module checks machines for flaws in the UEFI/BIOS firmware so malware can evade detection and persist on a device.
- Researchers Discover New Obfuscation-As-a-Service Platform
Researchers detail how a Android APK obfuscation service automates detection evasion for highly malicious apps.
- Common Container Manager Is Vulnerable to Dangerous Exploit
Container manager vulnerability is one of several weaknesses and vulnerabilities recently disclosed for Docker.
- Cloud Security Threats for 2021
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
- US Officials Take Action Against 2,300 Money Mules
Eight federal law enforcement agencies participated in the Money Mule Initiative, a global crackdown on money laundering.
- Researchers Bypass Next-Generation Endpoint Protection
Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.
- From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.
- Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw
A new patched memory corruption vulnerability in Apple's AWDL protocol can be used to take over iOS devices that are in close proximity to an attacker.
- Open Source Flaws Take Years to Find But Just a Month to Fix
Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report.
- Cybersecurity in the Biden Administration: Experts Weigh In
Security pros and former government employees share their expectations and concerns for the new administration – and their hope for a "return to normal."
- FBI: BEC Scammers Could Abuse Email Auto-Forwarding
Private Industry Notification warns of the role email auto-forwarding could be used in business email compromise attacks.
- Loyal Employee … or Cybercriminal Accomplice?
Can the bad guys' insider recruitment methods be reverse-engineered to reveal potential insider threats? Let's take a look.
- Automated Pen Testing: Can It Replace Humans?
These tools have come a long way, but are they far enough along to make human pen testers obsolete?