The SaaS-to-SaaS supply chain is a wild, wild mess
Cloud migration and IT democratization have created a continuously growing network of interconnected business applications, integrated to digitize and automate business …
Top tech for enterprise identity governance and security
Clear Skye and Gradient Flow announced the findings of their survey exploring the state of identity governance and security in the enterprise. The survey questioned 500+ …
63% of cybersecurity pros say their stress levels have risen over the past year
Tines has released the findings from a report to shine light on mental health in the cybersecurity community. The increased pressures of the past few years, remote work, the …
How to avoid headaches when publishing a CVE
You have discovered a vulnerability. Congratulations! So, what happens next? Finding a CVE (Common Vulnerabilities and Exposures) is the first step in a process which starts …
10 best practices to reduce the probability of a material breach
ThoughtLab announced the findings of its 2022 cybersecurity benchmarking study which analyzed the cybersecurity strategies and results of 1,200 large organizations across 14 …
Researchers uncover URL spoofing flaws on Zoom, Box, Google Docs
Researchers have discovered several URL spoofing bugs in Box, Zoom and Google Docs that would allow phishers to generate links to malicious content and make it look like …
An offensive mindset is crucial for effective cyber defense
As ransomware attacks continue to increase and cybercriminals are becoming more sophisticated, the federal government has implemented a more proactive approach when it comes …
Is that health app safe to use? A new framework aims to provide an answer
A new framework for assessing the privacy, technical security, usability and clinical assurance and safety of digital health technologies has been created by the American …
Google Drive emerges as top app for malware downloads
Netskope published a research which found that phishing downloads saw a sharp increase of 450% over the past 12 months, fueled by attackers using search engine optimization …
Password reuse is rampant among Fortune 1000 employees
SpyCloud published an annual analysis of identity exposure among employees of Fortune 1000 companies in key sectors such as technology, finance, retail and telecommunications. …
Download guide: Evaluating third-party security platforms
A comprehensive third-party security program can align your vendor’s security with your internal security controls and risk appetite. Such a program can also help you …
Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)
May 2022 Patch Tuesday is here, and Microsoft has marked it by releasing fixes for 74 CVE-numbered vulnerabilities, including one zero-day under active attack (CVE-2022-26925) …
Featured news
Resources
Don't miss
- Balancing usability and security in the fight against identity-based attacks
- MSSqlPwner: Open-source tool for pentesting MSSQL servers
- Critical SimpleHelp vulnerabilities fixed, update your server instances!
- Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?
- New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)