Security News

Open source cyberattacks increasing by 650%, popular projects more vulnerable
2021-09-17 05:00

Further, with regard to open source security risks, the report reveals a 650% year-over-year increase in supply chain attacks aimed at upstream public repositories, and a fascinating dichotomy pertaining to the level of known vulnerabilities present in popular and non-popular project versions. Open source supply, demand, and security dynamics: Supply increased 20%. The top four open source ecosystems now contain a combined 37,451,682 different versions of components.

HP Omen Hub Exposes Millions of Gamers to Cyberattack
2021-09-16 12:01

Millions of devices running the HP Omen Gaming Hub were using a driver with a bug that could give attackers kernel-mode access without administrator privileges. HP has since released a patch, but a new report on the flaw from researchers from SentinelLabs details how the gaming software was built in part by copying code from a problematic open-source driver called WinRing0.

Three ways to keep your organization safe from cyberattacks
2021-09-14 06:00

For CISOs, juggling the vast scale of a tech stack and the attackers using increasingly sophisticated techniques calls for a new approach to security to keep systems, data, and devices safe. We get alerts from our development platforms, the Continuous Integration system, the security monitoring tools, even our watches.

Jenkins Hit as Atlassian Confluence Cyberattacks Widen
2021-09-07 16:07

A just-patched, critical remote code-execution vulnerability in the Atlassian Confluence server platform is suffering wide-scale exploitation, the Feds have warned - as evidenced by an attack on the popular Jenkins open-source automation engine. Atlassian Confluence is a collaboration platform where business teams can organize their work in one place: "Dynamic pages give your team a place to create, capture, and collaborate on any project or idea," according to the website.

3 ways to protect yourself from cyberattacks in the midst of an IT security skill shortage
2021-09-06 06:00

With COVID-19 variants on the rise, widespread remote work may be sticking around longer than IT leaders would like, which comes with a heightened risk for cyberattacks that could expose customer data, steal company information, or take control of internal operations. Three out of four "common" data security breaches are caused by privilege misuse - when employees have unrestricted access to a system even when it's not needed to do their job.

FBI and CISA warn of potential cyberattacks this holiday weekend, citing past trends
2021-09-02 13:36

On Tuesday, the FBI and CISA released an advisory, warning organizations to "remain vigilant" to cybersecurity threats heading toward the holiday weekend. The federal advisory makes note of "recent holiday targeting," stating that "Cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends." Neither FBI nor CISA has information about a cyberattack "coinciding with upcoming holidays and weekends," per the advisory, but the document says cybercriminals may see holidays and weekends as "attractive timeframes" to "target potential victims."

7 Ways to Defend Mobile Apps, APIs from Cyberattacks
2021-09-02 12:51

Hackers can easily access devices through mobile apps. Mobile app security threats have arisen over the years.

Boston Public Library discloses cyberattack, system-wide technical outage
2021-08-27 15:18

The Boston Public Library has disclosed today that its network was hit by a cyberattack on Wednesday, leading to a system-wide technical outage. It is the third-largest public library in the United States behind the federal Library of Congress and the New York Public Library, based on the total number of items it holds.

If encryption is so good at protecting data, why do so many businesses succumb to cyberattacks?
2021-08-20 05:00

This form of encryption essentially creates a virtual safe for your data that can only be unlocked with a passcode. If encryption is so easy, why don't people do it?

Expert: Cyberattacks in the energy sector put lives in danger
2021-08-18 19:34

Zero-trust is a good way to prevent hackers from gaining control of our infrastructure and energy industries, expert says. TechRepublic's Karen Roby spoke with Greg Valentine, solution director for Capgemini, about cybersecurity in the energy sector.