The increasing reliance on collaboration tools such as Slack and Discord to support those working remotely during the COVID-19 pandemic has opened up new ways for fraudsters and cybercriminals to bypass security tools and deliver malware, Cisco Talos reports.
Loving your pet and creating tough-to-crack passwords should remain two distinctly separate activities. Unfortunately, Britain's National Cyber Security Center reports that more than 1 in 6 Brits admit to using the name of a pet as their password. And the problem is global.
The new world of "work from anywhere" is all about connecting users to applications. “It’s just different,” says iBoss CEO Paul Martini. Yet, many enterprises still approach this new dynamic with the wrong security mindset. Martini outlines what they’re missing.
Researchers have uncovered nine critical vulnerabilities in Rockwell Automation's FactoryTalk AssetCentre product, which, if exploited, potentially could enable attackers to control an OT network. An updated version of the product mitigates the flaws.
Crisis communications: If your organization suffers a ransomware outbreak - despite its best cybersecurity efforts - is it ready to respond quickly and transparently? Experts have lauded the Scottish Environment Protection Agency for its response, saying it's a model for other victims to emulate.
Attackers are targeting unpatched SAP applications, and the exploits could lead to the hijacking of the vulnerable systems, data theft and ransomware attacks, SAP and Onapsis Research Labs report. They note that patches for most of the flaws have been available for several years.
Today's cryptocurrencies are based on cryptographic standards that eventually could be broken via quantum computing, says Gideon Samid of BitMint, which has developed a virtual currency based instead on the concept of "quantum randomness."
To deliver a secure infrastructure-as-code service, development teams must adopt a "shift left" strategy that brings all the applications and security under one umbrella to provide faster and continuous delivery of the fully automated code, according to Ori Bendet and Igor Markov of Checkmarx.
When a breached organization such as Ubiquiti says it is "not currently aware of evidence" that attackers stole customer data, it too often means: "We don't know, because we failed to have in place the robust logging and monitoring capabilities that might have provided us all with real answers."
CISA and the FBI warn in a new alert that unidentified nation-state actors are scanning for three vulnerabilities in Fortinet's operating system, FortiOS, to potentially target government agencies and companies for cyberespionage.
The 475,000 euro fine levied against Booking.com by Dutch privacy authorities should serve as a "wake-up call" for other companies when it comes to GDPR, some experts say. The company waited more than 20 days to report the breach to officials instead of the 72-hour window required under Europe's privacy law.
Anyone wanting to invent a system designed to stoke widespread abuse by fraudsters would be hard-pressed to best the non-fungible token. Because they get bought and sold using cryptocurrency, it's only a question of when scammers will turn their attention to defrauding NFT aficionados.
The lack of automation and actionable threat intelligence may be preventing enterprises from developing the fully functional Cyber Fusion Centers they envision. Anomali's Mark Alba shares ideas on how to change that.