Security News

A just-patched, critical remote code-execution vulnerability in the Atlassian Confluence server platform is suffering wide-scale exploitation, the Feds have warned - as evidenced by an attack on the popular Jenkins open-source automation engine. Atlassian Confluence is a collaboration platform where business teams can organize its work in one place: "Dynamic pages give your team a place to create, capture, and collaborate on any project or idea," according to the website.

With COVID-19 variants on the rise, widespread remote work may be sticking around longer than IT leaders would like, which comes with a heightened risk for cyberattacks that could expose customer data, steal company information, or take control of internal operations. Three out of four "Common" data security breaches are caused by privilege misuse - when employees have unrestricted access to a system even when it's not needed to do their job.

On Tuesday, the FBI and CISA released an advisory, warning organizations to "Remain vigilant" to cybersecurity threats heading toward the holiday weekend. The federal advisory makes note of "Recent holiday targeting," stating that "Cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends." Neither FBI nor CISA has information about a cyberattack "Coinciding with upcoming holidays and weekends," per the advisory, but the document says cybercriminals may see holidays and weekends as "As attractive timeframes" to "Target potential victims."

Hackers can easily access devices through mobile apps. Mobile app security threats have arisen over the years.

The Boston Public Library has disclosed today that its network was hit by a cyberattack on Wednesday, leading to a system-wide technical outage. It is the third-largest public library in the United States behind the federal Library of Congress and the New York Public Library, based on the total number of items it holds.

This form of encryption essentially creates a virtual safe for your data that can only be unlocked with a passcode. If encryption is so easy, why don't people do it?

Zero-trust is a good way to prevent hackers from gaining control of our infrastructure and energy industries, expert says. TechRepublic's Karen Roby spoke with Greg Valentine, solution director for Capgemini, about cybersecurity in the energy sector.

The zero-trust model prevents attacks, but also greatly limits the impact of a successful breach, such as a ransomware attack.

Facilities in the sector saw an average of 1,739 attacks per organization each week last month, according to Check Point Research. A report published Wednesday by cyber threat intelligence provider Check Point Research looks at the latest wave of cyberattacks against educational and research facilities in particular and offers tips on how to better combat them.

According to a recent Kaspersky report, 41% of parents said their child's school had experienced multiple cyberattacks and 55% said the school had suffered a single incident. "Threat actors have many motivations but the biggest reason to attack school systems is greed or the desire to profit from the attack by extorting schools via ransomware or the threat of attack," said Bryan K. Fite, global account chief information security officer at BT Global.