Adobe released a fresh out-of-band security update to patch an improperly fixed ColdFusion zero-day vulnerability being actively exploited in the wild that allows attackers to bypass security controls. The update includes fixes for two other critical vulnerabilities.
Kevin Mitnick, the self-described "world's most famous hacker" - thanks in no small part to his being featured on the FBI's Most Wanted list during a two-year manhunt - has died at the age of 59. After serving time in prison, Mitnick went legit, warning others about the dangers of social engineering.
Unnecessary cyber alerts are a threat that can overwhelm defenders, leading to burnout and reduced efficiency within the team. Chris Waynforth, vice president and general manager at Expel, said adopting automation solutions to filter and prioritize alerts allows for more effective incident response.
While self-proclaimed Russian hacktivist groups such as KillNet, Tesla Botnet and Anonymous Russia claim they're wreaking havoc on anti-Moscow targets, a fresh analysis of their attacks finds that despite rampant self-promotion, their real-world cybersecurity impact is typically negligible.
Microsoft customers will gain access to expanded cloud logging capabilities at no additional cost just days after lower-level customers were unable to detect a Chinese cyberattack. CISA has identified several security logs - critical to detect and prevent threat activity - that currently cost extra.
The Russian Turla hacker group has targeted the Ukrainian defense sector and other Eastern European entities with a novel backdoor, dubbed DeliveryCheck, to deploy secondary payloads likely used for espionage, according to security researchers at Microsoft.
Product security is the other half of the security picture. While IT security focuses on an internal audience, product security teams must respond quickly to issues identified by customers and researchers. Quentyn Taylor of Canon EMEA discussed the value of product security programs.
Netcraft landed a DigiCert and Progressive Leasing executive as its CEO to expand the company's footprint in the U.S. and better identify cyberattacks in real time. The firm tapped Ryan Woodley to capitalize on the $100 million raised from Spectrum Equity by bringing more scalability via automation.
Cryptocurrency hackers are shifting their focus from bitcoin to other tokens and newer blockchain services such as cross-chain bridges for illicit activity. Why is the oldest crypto token so unappealing to hackers these days, and what do other options offer? Ari Redbord of TRM Labs explained.
President Xi Jinping directed state agencies to strengthen the government’s control over the internet and information technology sector, potentially discouraging investment in the country. Among the obstacles is a new Counter-Espionage Law focused on investigating foreign companies.
Cybercriminals may be using a generative AI tool called WormGPT to create convincing phishing emails to support business email compromise attacks. A new survey shows that 1 in 5 people fall for the fake, AI-generated emails, according to cybersecurity researchers.
Suspected Chinese hackers gained access to senior U.S. officials' emails by exploiting a zero-day vulnerability in Microsoft's cloud environment. While Microsoft said customers couldn't have prevented the attack, the U.S. government says logging was key to spotting it.
In the drive to build a more diverse workforce, security organizations are progressing in many ways, such as ensuring that required skills in job descriptions are more inclusive, said Ed Parsons of (ISC)². But he added that job recruiters need to "meet underrepresented groups where they are."
How can you tackle mobile app security and solve user concerns about usability? No-code cyber defense automation can be used to achieve security outcomes in seconds, build desired protections and prevent fraud and malware directly inside the CI/CD pipeline, said Appdome CEO Tom Tovar.
In the latest weekly update, ISMG editors discuss the complex task of phasing out magnetic stripe payment cards and why the United States lags behind, the great debate over best of breed vs. a single platform vendor approach, and AI insights from Palo Alto CIO Meerah Rajavel.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.