Ransomware attacks are inevitable. Paying the ransom isn’t
2021-09-08 07:30

Ransomware attacks have accelerated at a feverish pace in the last year, leaving small businesses, large enterprises, and government agencies scrambling to protect the lifeblood of their organizations: their data. First, you need a plan for how to react and recover in the event of a ransomware attack.

3 Ways to Secure SAP SuccessFactors and Stay Compliant
2021-09-08 05:38

SAP is leading this HR transformation with its human capital management solution, SAP SuccessFactors. With perimeter-based security no longer effective, you need a solution that understands SuccessFactors and can secure it regardless of how people are connecting and the data involved.

HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack
2021-09-08 05:33

A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks. HTTP Request Smuggling, as the name implies, is a web application attack that tampers with the way a website processes sequences of HTTP requests received from more than one user.

Top tips for preventing SQL injection attacks
2021-09-08 05:30

All SQL injection attacks are harmful, but some are more harmful than others: accessing user information is one thing, but altering or deleting it is another. Many languages come with built-in features that help prevent SQL injection, so when writing SQL queries you can use a prepared statement to compile the query.

Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group
2021-09-08 05:13

Cybersecurity researchers on Tuesday released new findings that reveal a year-long mobile espionage campaign against the Kurdish ethnic group to deploy two Android backdoors that masquerade as legitimate apps. Active since at least March 2020, the attacks leveraged as many as six dedicated Facebook profiles that claimed to provide news, two of which were aimed at Android users while the other four shared pro-Kurd content, only to share spying apps on Facebook public groups.

U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw
2021-09-08 05:12

The U.S. Cyber Command on Friday warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments that could be abused by unauthenticated attackers to take control of a vulnerable system. "Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate," the Cyber National Mission Force said in a tweet.

Ransomware attacks: The power of adaptation
2021-09-08 05:00

In this interview with Help Net Security, David Taylor, managing director, Incident Response, Technology Consulting at Protiviti, explains why ransomware attacks are so common and effective, what makes organizations vulnerable to such attacks and what they can do to better protect themselves. Consider focusing on properly implementing a best-practice security framework, performing regular security assessments, and practicing organizational responses to ransomware via regular tabletop exercises.

How do I select a container security solution for my business?
2021-09-08 04:30

To select a suitable container security solution for your business, you need to think about a variety of factors. Will I slow down development? Automated container security processes and policies are a crucial part of any container solution strategy.

Crypto exchanges and their customers must protect themselves as attacks continue
2021-09-08 04:00

In 2018, hackers famously compromised several cryptocurrency exchanges by compromising a popular software library used by most exchanges on the internet. Cryptocurrency exchanges are convenient, which means people will almost certainly continue to use them.

Upskilling initiatives could close the technology skills gaps uncovered by remote work
2021-09-08 03:30

Technology challenges introduced by the COVID-19 pandemic and the emerging trend of remote work uncovered technology skills gaps at many organizations, which in turn required new approaches to upskilling efforts, a Pluralsight report reveals. "Closing the technology skills gap continues to be one of the biggest challenges facing enterprises. As organizations around the world responded to the pandemic by accelerating digital transformation initiatives, accelerating the move of applications to cloud platforms, and supporting remote employees, the need for effective and scalable upskilling tools became even more important."