Implementing a comprehensive identity security program might be described as a Holy Grail. But what does it mean to reduce the complexity for organizations and their employees? CyberArk's David Higgins outlines how to modernize an organization’s identity and access management, or IAM.
Attackers are actively exploiting a flaw in Microsoft Windows for which no patch is yet available. Microsoft has issued workarounds and mitigations designed to block the zero-day attack for the flaw in the MSHTML browsing engine, which is being exploited via malicious Microsoft Office documents.
New Zealand's Computer Emergency Response Team says it is aware of ongoing distributed denial-of-service attacks that have disrupted services at several organizations in the country, including some financial institutions and the national postal service.
Researchers say a pro-China influence operation leveraging a network of fake social media accounts has expanded, promoting in-person protests and narratives around COVID-19 and U.S. domestic policy, according to Mandiant, which does not definitively attribute the activity to the Chinese government.
It’s the largest attack surface in history, and adversaries are taking advantage by launching attacks at an unprecedented volume and velocity. Shashi Prakash of Bolster discusses how to monitor and manage this new and shifting range.
The U.S. SEC in a new advisory warns against schemes targeting digital assets. Security experts say that with social engineering attempts on the rise, individuals and organizations must defend against related scams and other "get rich quick" schemes.
Orchestration and automation have shifted from "nice to have" to "must-have" in the enterprise - particularly post-breach, says Christine Vanderpool, CISO at Florida Crystals Corp. She and Splunk's Ryan Kovar share insights and tips on how to get maximum value from these emerging technologies.
Google has identified three critical vulnerabilities affecting several Netgear smart switch products that, if exploited, give the attacker complete control over the compromised device. Netgear has issued a security advisory confirming that it has issued patches for 20 impacted products.
Cyberespionage breaches take longer to discover than financial breaches. One of the biggest clues to finding them lies in understanding suspicious network traffic. John Grim of the Verizon Threat Research Advisory Center shares insight from a new study of cyberespionage trends.
A Russian citizen, alleged to be working as a developer for the malware-spreading organization Trickbot, reportedly has been arrested at Seoul-Incheon International Airport. He was questioned by Korean authorities following an extradition request from the U.S.
Key challenges from the recent State of Cybersecurity 2021 report include "integrating risk with maturity and keeping up with industry trends," says Jenai Marinkovic, member of the ISACA Emerging Trends Working Group.
An Australian software engineer warns that he was able to create a fake digital COVID-19 vaccine certificate via the government's Express Medicare Plus app, and that the agency in charge has so far failed to acknowledge his bug report. He recommends Australia instead copy the EU's QR code system.
The Ragnar Locker ransomware operation has been threatening to dump victims' stolen data if they contact police, private investigators or professional negotiators before paying a ransom. But as one expert notes: "Perhaps the criminals watched too many TV shows, because this isn’t how the real world works."
Ireland's cybercrime police, the Garda National Cyber Crime Bureau, have conducted a "significant disruption operation" targeting the IT infrastructure of a cybercrime group, seizing multiple domains used in a May ransomware attack that disrupted Ireland’s national health services provider.
The most sought-after type of victim for ransomware-wielding attackers is a large, U.S.-based business with at least $100 million in revenue, not operating in the healthcare or education sector, with remote access available via remote desktop protocol or VPN credentials, threat intelligence firm Kela reports.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.