Cybersecurity News
SOC Teams Burdened by Alert Fatigue Explore XDR
ESG research finds a complex attack surface and threat landscape make alerts too overwhelming to monitor accurately14 May 2021
Wi-Fi Design, Implementation Flaws Allow a Range of Frag Attacks
Every Wi-Fi product is affected by at least one fragmentation and aggregation vulnerability, which could lead to a machine-in-the-middle attack, researcher says.14 May 2021
‘Scheme Flooding’ Allows Websites to Track Users Across Browsers
A flaw that allows browsers to enumerate applications on a machine threatens cross-browser anonymity in Chrome, Firefox, Microsoft Edge, Safari and even Tor.
14 May 2021
Security Trends to Follow at RSA Conference 2021
Here are three key categories of sessions that provide an inside look at some of today's most interesting cybersecurity trends.14 May 2021
Verizon: Pandemic Ushers in ⅓ More Cyber-Misery
The DBRI – Verizon’s 2021 data breach report – shows spikes in sophisticated phishing, financially motivated cyberattacks and a criminal focus on web-application servers.
14 May 2021
Ransomware’s New Swindle: Triple Extortion
Ransomware attackers are now demanding cash from the customers of victims too.
14 May 2021
How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly
Experts from Intel, GitHub and KnowBe4 weigh in on what you need to succeed at security bug-hunting.
14 May 2021
Toshiba unit struck by DarkSide ransomware group
Following Colonial Pipeline, a DarkSide affiliate has claimed another victim.14 May 2021
Cloudflare wants to kill the CAPTCHA
Security keys could not only bolster authentication but may also remove one of the most annoying aspects of the internet.14 May 2021
Rapid7 source code, alert data accessed in Codecov supply chain attack
The breached source code subset was used for internal tooling.14 May 2021
Personalized Scams
Cyber criminals now have a wealth of information on almost all of us. With so many organizations getting hacked, cyber criminals simply purchase databases with personal information on millions of people, then use that information to customize their attacks, making them far more realistic. Just because an urgent email has your home address, phone number, or birth date in it does not mean it is legitimate.14 May 2021
Software, Incident Response Among Big Focus Areas in Biden's Cybersecurity Executive Order
Overall objectives are good, but EO may be too prescriptive in parts, industry experts say.13 May 2021
85% of Data Breaches Involve Human Interaction: Verizon DBIR
Ransomware, phishing, and Web application attacks all increased during a year in which the majority of attacks involved a human element.
13 May 2021
Colonial Pipeline Shells Out $5M in Extortion Payout, Report
According to news reports, Colonial Pipeline paid the cybergang known as DarkSide the ransom it demanded in return for a decryption key.
13 May 2021
Firms Struggle to Secure Multicloud Misconfigurations
Half of companies had at least one case of having all ports open to the public, while more than a third had an exposed database.13 May 2021
Ransomware Going for $4K on the Cyber-Underground
An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships.
13 May 2021
Dragos & IronNet Partner on Critical Infrastructure Security
The IT and OT security providers will integrate solutions aimed at improving critical infrastructure security13 May 2021
HelpSystems expands email, cloud security portfolio with acquisition of Agari, Beyond Security
The vendor is targeting areas ripe for growth in the cybersecurity field.13 May 2021
When AI Becomes the Hacker
Bruce Schneier explores the potential dangers of artificial intelligence (AI) systems gone rogue in society.
13 May 2021
Microsoft Adds GPS Location to Identity & Access Control in Azure AD
New capabilities let admins restrict access to resources from privileged access workstations or regions based on GPS location.13 May 2021
