Security News > 2021 > May

Researchers on Tuesday disclosed a new espionage campaign that resorts to destructive data-wiping attacks targeting Israeli entities at least since December 2020 that camouflage the malicious activity as ransomware extortions. "An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers that were deployed in a set of destructive attacks against Israeli targets," the researchers said.

The last year has taught us that online training can absolutely deliver the same learning experience as traditional in-person training. Cybersecurity training experts SANS has reworked its training approaches and added the option of In-Person Live Stream Training.

The Entrust Remote Signing Service provides verified employee identities and strong authentication, which can help facilitate compliance with legal and regulatory requirements. The Entrust Remote Signing Service lets Entrust take care of issuing, storing, and maintaining the signing infrastructure for the customer, with seamless integration to the customer's document workflow application.

A pair of techniques to surreptitiously alter the content of certified PDFs have been detailed by researchers in Germany. Using certified PDFs is increasingly common in business.

Determining the true impact of a cyber attack has always and will likely be one of the most challenging aspects of this technological age. In an environment where very limited transparency on the...

Each vendor, platform, and application has its own approach to patch management. These processes can alleviate patch management pitfalls, support staff, and up-level an organization's overall security posture.

Identity governance shouldn't be celebrated as a singular component of security, but rather a capability that should be woven into the data governance fabric of every organization. With the ability to safeguard information, facilitate compliance, and streamline work processes, it's hard to believe identity governance is not a typical business priority.

This article talks about label standard and best practices for Kubernetes security, a common area where I see organizations struggle to define the set of labels required to meet their security requirements. My advice is to always start with a hierarchical security design that can achieve your enterprise security and compliance requirements, then define your label standard in alignment with your design.

The World Economic Forum has brought together industry and cybersecurity experts from companies and organizations such as Siemens Corp, Saudi Aramco, Royal Dutch Shell, the Cyber Security Agency of Singapore, the U.S. CISA, industrial cybersecurity company Dragos and many others to compile a blueprint for enhancing cyber resilience across the oil and gas industry. Cyber attacks targeting organizations in the oil and gas industry are a daily occurrence, though they seldom lead to high profile outcomes and real-world effects like the recent Colonial Pipeline attack.

Constella Intelligence released the results of a survey that unlocks the behaviors and tendencies that characterize how vigilant organizations' leaders are when it comes to reducing cyber vulnerability, allowing the industry to better understand how social media is leveraged as an attack vector and how leaders are responding to this challenge. Cybersecurity leaders not paying much attention to cyber hygiene.