enterprise
Google Cloud Platform allows data exfiltration without a (forensic) trace
Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP’s …
Microsoft Exchange admins advised to expand antivirus scanning
After having stressed the importance of keeping Exchange servers updated last month, Microsoft is advising administrators to widen the scope of antivirus scanning on those …
Third-party risks overwhelm traditional ERM setups
Enterprise risk management (ERM) teams are struggling to effectively mitigate third-party risk in an increasingly interconnected business environment, according to Gartner. …
Microsoft announces automatic BEC, ransomware attack disruption capabilities
Last year, Microsoft announced automatic attack disruption capabilities in Microsoft 365 Defender, its enterprise defense suite. On Wednesday, it announced that these …
Cybersecurity layoffs in 2023: What to expect?
The economic downturn predicted for 2023 will lead to layoffs but cybersecurity workers will be least affected, says the latest (ISC)² report. Also, as soon as things get …
VMware patches critical injection flaw in Carbon Black App Control (CVE-2023-20858)
VMware has fixed a critical vulnerability (CVE-2023-20858) in Carbon Black App Control, its enterprise solution for preventing untrusted software from executing on critical …
What can we learn from the latest Coinbase cyberattack?
Cryptocurrency exchange Coinbase has fended off a cyberattack that might have been mounted by the same attackers that targeted Twillio, Cloudflare and many other companies …
Helping users and organizations build an instinctive data privacy habit
Each year at the end of January, internet users are deluged with advice on how to keep their data protected and reclaim their online privacy. What started as Data Privacy Day …
Patch your Jira Service Management Server and Data Center and check for compromise! (CVE-2023-22501)
Australian software maker Atlassian has released patches for CVE-2023-22501, a critical authentication vulnerability in Jira Service Management Server and Data Center, and is …
Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)
Cisco has released patches for a high-severity vulnerability (CVE-2023-20076) found in some of its industrial routers, gateways and enterprise wireless access points, which …
Attackers used malicious “verified” OAuth apps to infiltrate organizations’ O365 email accounts
Malicious third-party OAuth apps with an evident “Publisher identity verified” badge have been used by unknown attackers to target organizations in the UK and …
DigiCert releases new unified approach to trust management
New solution brings together full stack of CA-agnostic certificate lifecycle management, PKI services and tightly integrated public trust issuance. We rarely consciously think …
Featured news
Resources
Don't miss
- Okta users under attack: Modern phishing kits are turbocharging vishing attacks
- One-time SMS links that never expire can expose personal data for years
- More employees get AI tools, fewer rely on them at work
- Energy sector orgs targeted with AiTM phishing campaign
- Exposed training apps are showing up in active cloud attacks