Security News

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. Threat actors commonly use these exploits to conduct attacks or spread laterally within a network.

India has slightly softened its controversial new reporting requirements for information security incidents and made it plain they apply to multinational companies. The rules were announced with little advance warning in late April and quickly attracted criticism from industry on grounds including the requirement to report 22 different types of incident within six hours, a requirement to register personal details of individual VPN users, and retention of many log files for 180 days.

Work toward an InfoSec certification with this online training bundle We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. Want to break into the InfoSec field? The 2022 Ultimate Information Security Certification Bundle offers a great first step.

Orca Security adds attack path analysis capability to improve the effectiveness of security teams. Keysight Technologies released CyPerf 2.0, a new subscription-based software solution that enables network equipment manufacturers to validate the performance and security of their offerings when deployed in complex distributed cloud environments utilizing zero trust security policies.

India's Computer Emergency Response Team has given many of the nation's IT shops a big job that needs to be done in a hurry: complying with a new set of rules that require organizations to report 20 different types of infosec incidents within six hours of detection, be they a ransomware attack or mere compromise of a social media account. The national infosec agency stated the short deadline is needed as it has identified "Certain gaps causing hindrance in incident analysis."

Cybersecurity service providers must for licenses to operate in Singapore, under new regulations launched by the country's Cyber Security Agency on Monday. Specifically, concerns were raised over whether service providers may aggregate or use anonymised client data for threat intelligence purposes, leading CSA to limit the scope of its license condition.

On the one hand, security leaders and CISOs must be able to communicate strategies clearly - instructions, incident response plans, and security policies. More so than just talking about the dollar value of a security policy security leaders need to show the importance of processes, tasks, decisions, and how threats and other security risks impact the math.

CybeReady offers a fully-managed security training platform that includes phishing simulations, security awareness, and compliance training capabilities, with built-in expertise already embedded into the training. VMware unveiled new container runtime security capabilities that build upon a strong end-to-end security offering to help customers better secure modern applications at scale.

Cybersecurity experts describe a still-maturing cybercriminal group that is testing its capabilities with a range of different attack methods - from data extortion to ransomware - and may be taking advantage of Russia's invasion of Ukraine, which is distracting and diverting malware pushers and cybersecurity vendors alike. "Based on their public behavior and communication observed from the group, it is believed that they are a completely new group and not simply a rebranded threat group," Tyler Croak, principal strategist at cybersecurity vendor Lookout, told The Register.

ShiftLeft Velocity Update enables application security and development teams to automate security controls. F5 announced a major expansion of its application security and delivery portfolio with F5 Distributed Cloud Services that provide security, multi-cloud networking, and edge-based computing solutions on a unified software-as-a-service platform.