Security News

Cracked Labs examines how workplace surveillance turns workers into suspects Software designed to address legitimate business concerns about cyber security and compliance treats employees as...

56% of security professionals are concerned about AI-powered threats, according to Pluralsight. As AI continues to dominate the technology landscape, these concerns about potential threats in cybersecurity have rapidly surfaced.

The U.S. National Institute of Standards and Technology (NIST) has released the first three encryption standards designed to resist future cyberattacks based on quantum computing technology. [...]

Here are the different types of IVR testing tools you'll need in order to run an efficient and successful system. It's also a good idea to run through automated testing any time you make any changes or additions to it, or integrate new software, like a CRM. These three main areas of testing are called functional testing, regression testing, and integration testing.

Implementing multicloud solutions is becoming increasingly paramount for organizations seeking to drive their business forward in the coming years. As a result, the role of cloud security is...

The UK's National Cyber Security Centre says it's in the planning stages of bringing a new suite of services to its existing Active Cyber Defence program. Existing services under ACD 1.0 such as Logging Made Easy and Protective DNS are already run by external partners - CISA and Cloudflare respectively - but some, such as Early Warning, can only ever be run by the NCSC due to their very nature.

Abusing existing RMM tools: Attackers gain initial access to an organization's network using preexisting RMM tools. Installing new RMM tools: Attackers install their preferred RMM tools by first gaining access to the network.

Redmond shared a technical incident response write-up on Saturday - titled "Windows Security best practices for integrating and managing security tools" - in which veep for enterprise and OS security David Weston explained how Microsoft measured the impact of the disaster: By accessing crash reports shared by customers. Weston's post justifies how Windows performed, on the grounds that kernel-level drivers - like those employed by CrowdStrike - can improve performance and prevent tampering with security software.

Microsoft has admitted that its estimate of 8.5 million machines crashed by CrowdStrike's faulty software update was almost certainly too low, and vowed to reduce infosec vendors' reliance on the kernel drivers at the heart of the issue. Redmond posted an incident response blog on Saturday - titled "Windows Security best practices for integrating and managing security tools" - in which veep for enterprise and OS security David Weston explained how Microsoft measured the impact of the incident: by accessing crash reports shared by customers.

Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America, South America, and Oceania, including two unnamed Asia-Pacific intergovernmental organizations.