Federal agencies NIST and CISA issued guidelines to defend organizations and vendors against acquiring or distributing programs compromised through software supply chain attacks.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure, to name just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security (access control, cameras, alarms and so on), there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Joint federal cybersecurity advisory warns of a tenacious cyber espionage campaign by Russian hackers against U.S. and allied networks using evolving TTPs of varying sophistication.
A new report from cybersecurity firm Sophos indicates that ransomware recovery costs have shot up in the past year, with the average case approaching $2 million in total expenses.
Microsoft says many IoT and operational technology devices suffer from 25 critical IoT security vulnerabilities originating from vulnerable SDKs, RTOS, and the C standard library.
Weak and compromised passwords are responsible for about 80% of hacking-related breaches. Today, there are more encryption options available to stop bad actors in their tracks.
By providing hosted services to businesses, telcos will need to consider privileged access management to secure not only their own infrastructure, but also that of their clients.
Remote Browser Isolation (RBI) is an emerging technology that has been constantly evolving and has come of age as a solution to stop ransomware attacks, including double extortion.
One would hope that credit bureau Experian had learned a lesson about data leaks, but the agency has a new API security vulnerability that appears to have leaked the credit scores of nearly every American who has one.
A sophisticated ad fraud campaign was discovered deploying CTV botnets made up of nearly a million infected mobile Android devices making billions of ad requests.
The Codecov supply chain attack remained undetected for months and likely affected Google, IBM, HP, and others. Hackers stole user data from the company’s continuous integration environment.










