enterprise
CISA adds Spring4Shell to list of exploited vulnerabilities
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …
Log4Shell exploitation: Which applications may be targeted next?
Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from …
Spring4Shell: New info and fixes (CVE-2022-22965)
In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE …
Spring4Shell: No need to panic, but mitigations are advised
Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively …
BYOD and enterprise mobility market to reach $157.3 billion by 2026
Amid the COVID-19 crisis, the global market for BYOD and enterprise mobility estimated at $84.4 billion in the year 2022, is projected to reach a revised size of $157.3 …
Attackers employ novel methods to backdoor French organizations
An advanced threat actor has been spotted using distinctive, novel methods to backdoor French entities in the construction, real estate, and government industries. How the …
Attackers use Microsoft Teams as launchpad for malware
Hackers are starting to realize that Microsoft Teams is a great means of spreading tentacles throughout an organization’s systems; since the start of the year, Avanan …
Microsoft: Enterprise MFA adoption still low
While two-factor authentication usage in the consumer space is climbing quickly, enterprises are still straggling when it comes to using multi-factor authentication (MFA) to …
Understaffing persistently impacting enterprise privacy teams
A research from ISACA explores the latest trends in enterprise privacy — from privacy workforce and privacy by design to privacy challenges and the future of privacy. The …
Attackers connect rogue devices to organizations’ network with stolen Office 365 credentials
Attackers are trying out a new technique to widen the reach of their phishing campaigns: by using stolen Office 365 credentials, they try to connect rogue Windows devices to …
Phishers go after business email credentials by impersonating U.S. DOL
Phishers are trying to harvest credentials for Office 365 or other business email accounts by impersonating the U.S. Department of Labor (DOL), Inky‘s researchers have …
Enterprise PKI automation: The modern approach to certificate lifecycle management
Today’s modern enterprises face massive surges in the use of digital identities, both for machines, (servers, laptops and network devices) and for the humans who use them. In …
Don't miss
- Contextal Platform: Open-source threat detection and intelligence
- Using cognitive diversity for stronger, smarter cyber defense
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws
- Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)
- Malicious actors’ GenAI use has yet to match the hype