Security News
There is an urgent need to secure tactical, operational, and strategic critical assets from the edge to the core. In this Help Net Security video, Geoffrey Mattson, CEO of Xage Security, discusses the steps enterprises and critical infrastructure must take to improve their environments from for-profit and nation-state attacks.
The U.S. Department of Homeland Security's Cyber Safety Review Board has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key. Almost 10 months after Microsoft started the investigation, the CSRB states there isn't any definitive evidence on how the threat actor obtained the signing key, regardless of what Microsoft previously claimed.
Jackson County, Missouri, is in a state of emergency after a ransomware attack took down some county services on Tuesday. "Jackson County has confirmed a ransomware attack was responsible for the disruption of several county services today," the Missouri county said.
While Ivanti said the remote code execution risks are limited to "Certain conditions," the company didn't provide details on the vulnerable configurations. "We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure," Ivanti added.
Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware. The prototype – currently...
Attack surface management (ASM) and vulnerability management (VM) are often confused, and while they overlap, they’re not the same. The main difference between attack surface management and...
In this Help Net Security interview, Marty Edwards, Deputy CTO OT/IoT at Tenable, discusses the impact of geopolitical tensions on cyber attacks targeting critical infrastructure. Edwards highlights the need for collaborative efforts between policymakers, government agencies, and the private sector to strengthen cybersecurity across critical infrastructure sectors.
You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but. Carl Engelbrecht March 29, 2024 7:53 AM. Why do technologists who know better continue to propagate the erroneous statement "Ransomware attacks".
We all know using a cloud-based identity provider expands your attack surface, but just how big does that attack surface get? And can we even know for sure? The first step towards mitigating the expanded attack surface in the cloud is recognizing the risks and potential vulnerabilities of cloud identity providers.
American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data. The Hot Topic fast-fashion chain has over 10,000 employees in more than 630 store locations across the U.S. and Canada, the company's headquarters, and two distribution centers.