Uncertainty is the most common driver of noncompliance
Most compliance leaders tend to focus on building an ethical culture in their organizations to improve employee behavior, but it has a limited impact on addressing uncertainty …
Week in review: Palo Alto firewalls mitigation ineffective, PuTTY client vulnerable to key recovery attack
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation …
Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!
More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched …
LastPass users targeted by vishing attackers
The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password. “Initially, we learned of a …
Protobom: Open-source software supply chain tool
Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and …
51% of enterprises experienced a breach despite large security stacks
Threat actors are continuing to successfully breach across the entire attack surface and the stakes are only getting higher: 93% of enterprises who admitted a breach reported …
New infosec products of the week: April 19, 2024
Here’s a look at the most interesting products from the past week, featuring releases from IDnow, Immuta, Privacera, Redgate, ShadowDragon, and Tanium. ShadowDragon Horizon …
Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)
The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of …
Authorities take down LabHost, phishing-as-a-service platform
Law enforcement from 19 countries severely disrupted one of the world’s largest phishing-as-a-service platform, known as LabHost. This year-long operation, coordinated at the …
Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate
Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants — cheap, independently produced, and crudely constructed — on the dark web. The developers of …
Who owns customer identity?
When I’m talking with prospective clients, I like to ask: which department owns customer identity? Everyone immediately looks towards a different team. While every team …
92% of enterprises unprepared for AI security challenges
Most industries continue to run almost two or more months behind in patching software vulnerabilities, endpoints remain vulnerable to threats, and most enterprise PCs must be …
Featured news
Resources
Don't miss
- AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged
- Using lightweight LLMs to cut incident response times and reduce hallucinations
- Fractional vs. full-time CISO: Finding the right fit for your company
- Product showcase: iStorage datAshur PRO+C encrypted USB flash drive
- Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300)