Average company with data in the cloud faces $28 million in data-breach risk
Hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations — such as admin accounts without multi-factor authentication (MFA) — have left a dangerous …
Incident responders increasingly seek out mental health assistance
Incident responders are primarily driven by a strong sense of duty to protect others. This responsibility that’s increasingly challenged by the surge of disruptive attacks, …
MS Exchange zero-days: The calm before the storm?
CVE-2022-41040 and CVE-2022-41082, the two exploited MS Exchange zero-days that still have no official fix, have been added to CISA’s Known Exploited Vulnerabilities …
Researchers outline the Lazarus APT offensive toolset
ESET researchers uncovered and analyzed a set of malicious tools that were used by the Lazarus APT group in attacks during the end of 2021. The campaign started with spear …
How to start and grow a cybersecurity consultancy
A cybersecurity industry veteran, Praveen Singh is the co-founder and Chief Information Security Advisor at CyberPWN Technologies, a digital defense consulting firm. In this …
Many IT pros don’t think a ransomware attack can impact Microsoft 365 data
Nearly a quarter of businesses have suffered a ransomware attack, with a fifth occurring in the past 12 months, according to Hornetsecurity. The 2022 Ransomware Report, which …
Infosec products of the month: September 2022
Here’s a look at the most interesting products from the past month, featuring releases from: 42Crunch, Avetta, Cloudflare, Code42, Commvault, D3 Security, Illumio, Kingston …
Week in review: MS Exchange zero-days exploited, AD attack paths, developing secure APIs
SpyCast: Cross-platform mDNS enumeration tool SpyCast is a cross-platform mDNS enumeration tool that can work either in active mode by recursively querying services or in …
Attackers use novel technique, malware to compromise hypervisors and virtual machines
Unknown attackers wielding novel specialized malware have managed to compromise VMware ESXi hypervisors and guest Linux and Windows virtual machines, Mandiant threat analysts …
Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)
Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when …
New infosec products of the week: September 30, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Illumio, Malwarebytes, Netography, TransUnion, and Truecaller. TransUnion …
Top issues driving cybersecurity: Growing number of cybercriminals, variety of attacks
Fortifying cybersecurity defenses remains a work in progress for many organizations, who acknowledge their shortcomings but have yet to commit the necessary resources to the …
Featured news
Resources
Don't miss
- Webinar: Amplifying SIEM with AI-driven NDR for IT/OT convergence
- How CISOs can elevate cybersecurity in boardroom discussions
- A humble proposal: The InfoSec CIA triad should be expanded
- Rsync vulnerabilities allow remote code execution on servers, patch quickly!
- Contextal Platform: Open-source threat detection and intelligence