Millions still exposed despite available fixes
Although KEV catalog vulnerabilities are frequent targets of APT Groups, a large and exploitable attack surface remains due to software vendors’ lack of awareness and …
Managing the risks of unstructured data growth
Locating and identifying sensitive data, including defense-in-depth strategies where a series of mechanisms are layered to protect valuable information, should be a critical …
Infosec products of the month: March 2023
Here’s a look at the most interesting products from the past month, featuring releases from: 1Password, Appdome, Atakama, BreachLock, Elevate Security, Fastly, Forescout, …
Week in review: 3CX supply chain attack, ChatGPT data leak
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Visa fraud expert outlines the many faces of payment ecosystem fraud In this …
New infosec products of the week: March 31, 2023
Here’s a look at the most interesting products from the past week, featuring releases from BreachLock, HackNotice, LOKKER, Nile, and Tausight. HackNotice Actions helps people …
Overcoming obstacles to introduce zero-trust security in established systems
In this Help Net Security interview, Michal Cizek, CEO at GoodAccess, discusses the crucial balance between leveraging distributed resources and maintaining top-notch security …
The foundation of a holistic identity security strategy
Only 9% of organizations are taking an agile, holistic and mature approach to securing identities throughout their hybrid and multi-cloud environments, according to CyberArk. …
Cloud diversification brings complex data management challenges
As IT infrastructure becomes more diverse, organizations face the challenge of integrating data management and control, according to Nutanix. The research showed that the …
OSC&R open software supply chain attack framework now on GitHub
OSC&R (Open Software Supply Chain Attack Reference) is an open framework for understanding and evaluating software supply chain security threats. It has received the …
Ransomware gangs are exploiting IBM Aspera Faspex RCE flaw (CVE-2022-47986)
Attackers are exploiting a critical vulnerability (CVE-2022-47986) in the IBM Aspera Faspex centralized file transfer solution to breach organizations. About CVE-2022-47986 …
3CX customers targeted via trojanized desktop app
Suspected state-sponsored threat actors have trojanized the official Windows desktop app of the widely used 3CX softphone solution, a number of cybersecurity companies began …
Protect your entire business with the right authentication method
In this Help Net Security interview, Tomasz Kowalski, CEO at Secfense emphasizes the significance of multi-factor authentication in the corporate landscape, highlights the use …