eBook: Secure Software Development
Secure software development and DevSecOps are growing in importance as organizations increasingly rely on cloud infrastructures for critical applications. Given these and …
QakBot operators abandon ProLock for Egregor ransomware
Group-IB has discovered that QakBot (aka Qbot) operators have abandoned ProLock for Egregor ransomware. Egregor has been actively distributed since September 2020 and has so …
Week in review: Kali Linux 2020.4, AWS Network Firewall, speeding up malware analysis
Here’s an overview of some of last week’s most interesting news, reviews and articles: Kali Linux 2020.4 released: New default shell, fresh tools, and more! …
VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator
VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful …
New infosec products of the week: November 20, 2020
Group-IB launches Fraud Hunting Platform, a digital identity protection and fraud prevention solution Group-IB’s Fraud Hunting Platform analyzes each session and examines user …
56% of organizations faced a ransomware attack, many paid the ransom
There’s a continued proliferation of ransomware, heightened concerns around nation-state actors, and the need for acceleration of both digital and security …
Attacks on biotech and pharmaceutical industry escalate
Attacks on the biotech and pharmaceutical industry had increased by 50% between 2019 and 2020, according to a BlueVoyant report. The report highlighted that nation-states are …
Consumer behaviors and cyber risks of holiday shopping in 2020
While consumers are aware of increased risks and scams via the internet, they still plan to do more shopping online – and earlier – this holiday season, McAfee reveals. …
Financial services lead when it comes to fixing open source flaws
The financial services industry has the best flaw fix rate across six industries and leads a majority of industries in uncovering flaws within open source components, Veracode …
Cisco Webex vulnerabilities may enable attackers to covertly join meetings
Cisco has fixed three bugs in its Cisco Webex video conferencing offering that may allow attackers to: Join Webex meetings without appearing in the participant list …
Google forces devs to reveal Chrome extensions’ data use, privacy practices
Starting January 2021, developers of Chrome extensions will have to certify their data use and privacy practices and provide information about the data collected by the …
The effectiveness of vulnerability disclosure and exploit development
New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible …
Featured news
Resources
Don't miss
- Building cyber resilience in banking: Expert insights on strategy, risk, and regulation
- CISO vs. CIO: Where security and IT leadership clash (and how to fix it)
- Why a push for encryption backdoors is a global security risk
- Innovation vs. security: Managing shadow AI risks
- Commix: Open-source OS command injection exploitation tool