The Awake Security division of Arista Networks has discovered evidence linking the Hades ransomware gang to Hafnium, the state-sponsored threat actor operating from China that Microsoft says is behind the recent Exchange hacks.
The recent SolarWinds breach has brought vendor risk management into the spotlight. With 59% of data breaches being traced to third-party vendors and the average enterprise having 67 vendors with privileged access, managing third party risk is no longer optional, says Tony Howlett, Chief Information Security Officer (CISO) of SecureLink. Here, we speak to Howlett about why security and risk professionals need to take control of their third-party exposure and implement safeguards and processes to reduce their vulnerability.
One of many consequences of the COVID-19 pandemic is an increase in cybersecurity risks and in the complexity of implementing effective security to protect organizational information and computing infrastructure. As with pre-COVID security threats, well-proven cybersecurity strategies based on user and device authentication remain effective, and they now are more important than ever.
Slack rolled out a new cross-organizational direct messaging feature, and hours later disabled the option to send a message alongside an invite due to concerns that the feature could be used to send abusive messages or enable harassment.
Has the pandemic and remote working created an environment of heightened risk of insider data breaches? Here, Darren Cooper, Chief Technology Officer (CTO) for Egress, speaks to Security magazine about what organizations can do to prevent data loss.
The Synopsys Cybersecurity Research Center (CyRC) analyzed more than 3,000 popular Android applications to assess the state of mobile app security during the COVID-19 pandemic. The study targeted the most downloaded and highest grossing apps across 18 categories, many of which have seen explosive growth during the pandemic.
Clop ransomware group has allegedly hacked the grades and social security numbers for students at the University of Colorado and patient data of the University of Miami.
Cyberinsurance firm CNA Financial was reportedly hit by a possible cyberattack. The company is one of the largest insurance providers in the U.S.
The company's website is experiencing widespread network disruptions and employee services have been down for more than three days. CNA says it was hit by a sophisticated cyberattack and has engaged a team of third-party forensic experts to investigate and determine the full scope of this incident, which is ongoing.
WhiteHat Security released AppSec Stats Flash Volume 3, the latest installment of the company’s monthly report and podcast reflecting on the current state of application security and the wider cyber threat landscape.
Another challenge is the new home office, where spouses may be working remotely, often alongside their children attending school online. Home networks lack typical protections and bifurcations of the corporate office and may be prone to attacks using lateral movement techniques. In these scenarios, after gaining initial access through an insufficiently protected device, such as a family computer, attackers move deeper into a network, searching for other devices to compromise or obtain increased privileges. This continued probing could eventually lead to the exfiltration of sensitive corporate data or high-value intellectual property.
