Poor security configurations, weak controls and gaps in authentication protocols are among the common initial access vectors "routinely exploited" by threat actors, the Five Eyes cybersecurity alliance says. Firms offering cybersecurity services weigh in on the gaps and implementation challenges.
Criminals are doubling down on their use of information-stealing malware, such as Cryptobot, RedLine Stealer and QuilClipper, to steal private keys and siphon off cryptocurrency being stored in internet-connected hot wallets or to raid cryptocurrency holders' online exchange accounts.
EDR deployments will be underway at more than half of federal civilian agencies by the end of September, according to federal officials. CISA is currently in the process of deploying EDR across 26 federal civilian agencies and expects to have work underway at 53 agencies by Sept. 30, 2022.
Google will offer customers access to the same technology it uses to lock down developer workflows to ensure open-source dependencies are addressed. Assured Open Source Software will allow clients to ensure third-party software they're using is scanned, analyzed and fuzz-tested for vulnerabilities.
If you were a nation with legions of hackers at your disposal, seeking to sidestep crippling international sanctions, would you look to ransomware to fund your regime? That question is posed by new research that finds state-sponsored North Korean hackers haven't stopped their ransomware experiments.
Mature cybersecurity startups are beginning to slow hiring and prune operating expenses as macroeconomic storm clouds obscure future funding sources. Emerging vendors must grapple with an IPO market that has essentially dried up and investors unwilling to offer valuations anywhere near 2021 levels.
The Linux Foundation and the Open Source Security Foundation have put forth a nearly $150 million investment plan, spread across two years, to strengthen open-source security in the U.S. The plan was announced at the Open Source Software Security Summit II in Washington, D.C., on Thursday.
In the latest update, four editors at Information Security Media Group discuss the intriguing insights exposed by the leak of ransomware gang Conti's internal communications, the U.S. Treasury's first-ever sanctions on a cryptocurrency mixer and the latest cyber activity in Russia's hybrid war.
Many organizations struggle to understand how to approach application security program maturity. Caitlin Johanson and Dan Cornell of Coalfire share why AppSec maturity is important and offer strategies for how enterprises can evaluate their AppSec maturity levels and build a robust response.
In the latest "Troublemaker CISO" post, security director Ian Keller discusses the issue of supply chain security and whether you should disclose information about your supply chain to companies as part of the effort to secure it. His conclusion: Build your defenses and trust no one.
According to a recent survey conducted by Noname Security, 41% of
organizations experienced an API security incident in the last 12 months and
63% of the incidents involved a data breach or data loss. Filip Verloy, technical
evangelist, EMEA at Noname Security, says that “tighter integration of API
The United Kingdom has announced two proposed pieces of legislation - the Financial Services and Markets Bill and the Economic Crime and Corporate Transparency Bill - to regulate the digital assets industry and curb the use of virtual currency in illicit activity.
New CEO Bryan Ware plans to leverage LookingGlass' nascent attack surface management capabilities to capture clients in verticals such as pharmaceuticals, manufacturing and utilities. The company tapped former CISA leader Ware to serve as its next CEO following the acquisition of Next5.
The applications of Machine Learning in cybersecurity can make a significant impact on improving detection and reducing false positives, resulting in faster and more efficient security operations. But there is also a lot of noise and hype around this concept.
In this white paper, we approach AI from a realistic...
Noname Security has released its new API Security Trends Report and - no surprise - API usage has grown exponentially. The bad news: So have API attacks by opportunistic adversaries. Karl Mattson of Noname discusses the report and some new ways of approaching API security.