vulnerability
The SOC is blind to the attackable surface
A security operations center (SOC) is the central nervous system of any advanced cybersecurity program. Yet even the most well-funded, highly organized and properly equipped …
Cloud-native watering hole attack: Simple and potentially devastating
In this era of increasing technological complexity, watering hole attacks build on a model of simplicity. Just like predatory animals that hover near sources of water favored …
A rush to remote working leaving businesses vulnerable to cybercriminals
The COVID-19 pandemic forced businesses to quickly support remote working practices, often without proper security measures in place. Verizon reveals that many businesses may …
68% of construction executives have no cybersecurity measures in place
The construction industry may not appear to be an obvious target for cybercrime, but it garners unwanted online attention just like other sectors. According to a report by …
SAP applications are getting compromised by skilled attackers
Newly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities …
Vulnerabilities in ICS-specific backup solution open industrial facilities to attack
Claroty researchers have found and privately disclosed nine vulnerabilities affecting Rockwell Automation’s FactoryTalk AssetCentre, an ICS-specific backup solution. All of …
Massive increase in endpoint attacks, rising rate of encrypted malware and new exploits targeting IoT
Fileless malware and cryptominer attack rates grew by nearly 900% and 25% respectively, while unique ransomware payloads plummeted by 48% in 2020 compared to 2019, according …
5 key cybersecurity risks in 2021, and how to address them now
With an unexpected year of massive change behind us, many organizations have now an extensive remote workforce, new technologies in use, and digital transformation under way …
VMware patches critical vRealize Operations flaws that could lead to RCE
Two vulnerabilities (CVE-2021-21975, CVE-2021-21983) recently patched by VMware in its vRealize Operations platform can be chained together to achieve unauthenticated remote …
The growing threat to CI/CD pipelines
Before the pandemic, most modern organizations had recognized the need to innovate to support developers’ evolving workflows. Today, rapid digitalization has placed a …
Nearly 40% of new ransomware families use both data encryption and data theft in attacks
Data-stealing ransomware attacks, information harvesting malware, and supply chain attacks are among the critical threats to organizations, according to F-Secure. One of the …
Using memory encryption in web applications to help reduce the risk of Spectre attacks
There’s nothing quite like an actual proof-of-concept to make everyone listen. I was pleased by the PoC released by Google security engineers Stephen Röttger and Artur Janc …
Featured news
Resources
Don't miss
- Security tooling pitfalls for small teams: Cost, complexity, and low ROI
- BloodHound 8.0 debuts with major upgrades in attack path management
- Back to basics webinar: The ecosystem of CIS Security best practices
- SonicWall firewalls targeted in ransomware attacks, possibly via zero-day
- AIBOMs are the new SBOMs: The missing link in AI risk management