Security News
The USA's policy of decoupling its technology industries from China lacks a strategy, a theory of success, and an understanding of how to achieve its ill-defined goals, according to a new paper by Jon Bateman from the thinktank Carnegie Endowment for International Peace. "The United States cannot afford simply to muddle through technological decoupling, one of the most consequential global trends of the early twenty-first century," wrote Bateman, a former senior intelligence analyst, policy adviser and speechwriter at the US Department of Defense, in the document, titled "US China Technological 'Decoupling', a Strategy and Policy Framework."
A recent Hive ransomware attack carried out by an affiliate involved the exploitation of "ProxyShell" vulnerabilities in the Microsoft Exchange Server that were disclosed last year to encrypt an unnamed customer's network. "The actor managed to achieve its malicious goals and encrypt the environment in less than 72 hours from the initial compromise," Varonis security researcher, Nadav Ovadia, said in a post-mortem analysis of the incident.
In The State of Pentesting 2022 Report, Cobalt studied data from 2,380 pentests and surveyed 602 cybersecurity and software development professionals. The report focuses on issues and stats relevant to both the security and development teams.
Report: Many SMBs wouldn't survive a ransomware attack. A new report from cybersecurity provider CyberCatch reveals why SMBs may not be able to withstand an attack and offers advice on how they can better protect themselves.
Report: Organizations are better prepared to fight ransomware, but gaps remain. A report released Tuesday by disaster recovery provider Zerto examines how companies that seem prepared for an attack can still be vulnerable.
Report: Organizations better prepared to fight ransomware, but gaps remain. A report released Tuesday by disaster recovery provider Zerto examines how companies that seem prepared for an attack can still be vulnerable.
In this video, Craig Lurey, CTO and Co-Founder of Keeper Security, talks about the new secure add-on to the Keeper enterprise platform, called Compliance Reports. Keeper Compliance Reports allow Keeper Administrators to monitor and report the access permissions of privileged accounts across the entire organization, in a zero-trust and zero-knowledge security environment.
Cybercriminals have used fake emergency data requests to steal sensitive customer data from service providers and social media firms. As infosec journalist Brian Krebs first reported, some miscreants are using stolen police email accounts to send fake EDR requests to companies to obtain netizens' info.
The payment services giant advises that some users may continue to experience issues online or over the phone. The issues reported by users included being unable to log in to their Amex accounts, make payments, or get to an Amex customer service representative over the phone.
An independent security researcher has shared what's a detailed timeline of events that transpired as the notorious LAPSUS$ extortion gang broke into a third-party provider linked to the cyber incident at Okta in late January 2022. Sitel, through its acquisition of Sykes Enterprises in September 2021, is the third-party service provider that provides customer support on behalf of Okta.