Security News > 2021 > May
What can security leaders do to make sure they're prepared and hone their skills ahead of the next inevitable threat? Now, they can test themselves and their knowledge at a new website, 'The CISO Challenge'. The website features a challenge for InfoSec leaders to test their knowledge in an exciting, high-stakes, realistic series of scenarios.
Version 90 of Google's Chrome browser includes a bit of extra security for users of recent versions of Windows and the latest x86 processors, in the form of hardware-enforced stack protection. This basically means that, if your PC supports it, it's a bit harder for malicious websites to exploit bugs in Chrome to hijack your computer.
What are NFTs? NFTs are pieces of digital content that are stored on a blockchain, which is the same foundation for other cryptocurrencies, such as Bitcoin or Ethereum. The difference between NFTs and other cryptocurrencies like Bitcoin is that NFTs are unique tokens; they cannot be replicated or traded with another equal NFT. How secure are NFTs? The short answer to this is not very secure.
Regardless of the anti-malware tools, firewalls, Sender Policy Framework or Domain-based Message Authentication, Reporting and Conformance solutions in place, it is clear that phishing emails are reaching individuals and organizations at an unprecedented rate, causing more consistently detrimental effects than many other security threats combined. What is the answer for businesses like FatFace or those desperate to avoid falling victim to this level of cybercrime? Bolstering email security is ultimately about striking the balance between protective technologies and sufficient staff training.
A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, phishing and spam attacks, and even preventing victims from signing up for online services. Nearly 66% of the recycled numbers that were sampled were found to be tied to previous owners' online accounts at popular websites, potentially enabling account hijacks by simply recovering the accounts tied to those numbers.
While the CMMC doesn't completely replace the National Institute of Standards and Technology SP 800-171, it does include and build on these standards for a clear purpose. Enter the CMMC. With this new regulation, the DoD establishes five levels of cybersecurity preparedness, ranging from level one to level five.
A trio of researchers at Palo Alto Networks has detailed vulnerabilities in the JET database engine, and demonstrated how those flaws can be exploited to ultimately execute malicious code on systems running Microsoft's SQL Server and Internet Information Services web server. In a talk today at Black Hat Asia titled "Give Me a SQL Injection, I Shall PWN IIS and SQL Server", the three explained they found the JET engine - for years an underlying tech for Microsoft Access and other products, and still downloadable today - has many vulnerabilities.
There are four primary myths about cloud-based PKI solutions and digital certificate lifecycle automation that have kept organizations from adopting such solutions. Eliminating the pain of manual digital certificate management requires dispelling these myths and learning how to maximize the benefits of today's cloud-based solutions using PKI best practices.
XDR solves this problem by providing a single unified platform that will protect, detect and respond to incidents across the whole organization, preconfigured to be ready-to-go from deployment. Unlike many within the XDR market who merged multiple security products into one system, Red Piranha has built Crystal Eye XDR from the ground up, limiting the need for product integrations, as everything has been developed as one unified platform.
Cloud native adoption has both transformed the way organizations build modern applications and resulted in increased security threats and concerns, according to research by Snyk. More than half of companies surveyed experienced a security incident due to misconfiguration or a known vulnerability in their cloud native applications.