Security News

TechRepublic Premium Hiring Kit: Cloud Engineer Regardless of what business or what industry you are in, the potential benefits of cloud computing and cloud computing services are self-evident. With so many businesses flooding .... TechRepublic Premium Hiring Kit: Data Architect To make their best decisions, businesses need the best actionable information.

A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time. Kaspersky discovered the true nature of the malicious framework last year, finding evidence of its activity starting in 2017, with the malware wrongly classified as just a Monero cryptocurrency miner.

An updated version of a sophisticated backdoor framework called MATA has been used in attacks aimed at over a dozen Eastern European companies in the oil and gas sector and defense industry as...

An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe. The updated MATA framework combines a loader, a main trojan, and an infostealer to backdoor and gain persistence in targeted networks.

MITRE ATT&CK, a common language for cybersecurity professionals to communicate with each other and better understand real-world adversary behaviors, celebrates its 10th anniversary this fall. What were the main drivers behind the creation of the MITRE ATT&CK framework back in 2013?

New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework. Microsoft's container architecture uses what's called a dynamically generated image to separate the file system from each container to the host and at the same time avoid duplication of system files.

A consortium led by Splunk and AWS are hoping to fix this by standardizing how events are noted in logs, reducing the burden on security teams to decipher alerts they receive from multiple tools and vendors. Last week at Black Hat, security vendor Splunk announced the general availability of the Open Cybersecurity Schema Framework.

As cloud adoption pervades, one of the bigger security and privacy challenges for cloud service customers is having to relinquish a significant amount of control and ownership of their data and infrastructure to cloud service providers. Every CSP will implement security differently and every cloud model will have varying degrees of security control ownership, which is why it might be difficult for them to meet all security requirements.

A critical security vulnerability has been disclosed in the Open Authorization implementation of the application development framework Expo.io. API security firm Salt Labs said the issue rendered services using the framework susceptible to credential leakage, which could then be used to hijack accounts and siphon sensitive data.

Google on Wednesday announced the 0.1 Beta version of GUAC for organizations to secure their software supply chains. GUAC aims to aggregate software security metadata from different sources into a graph database that maps out relationships between software, helping organizations determine how one piece of software affects another.