Cybersecurity News

RSS

Microsoft has warned that Nobelium is currently conducting a phishing campaign after the Russian-backed group managed to take control of the account used by USAID on the email marketing platform Constant Contact. The phishing campaign has targeted around 3,000 accounts linked to government agencies, think tanks, consultants, and non-governmental organizations.

Here are steps you can take to protect your enterprise against ransomware, limit the impact of a breach, understand where an attack can be stopped, and act fast if a hacker succeeds in gaining access.

Radware’s recently released “Quarterly DDoS Attack Report, which provides an overview of attack activity witnessed during the first quarter of 2021, found that while the total number of attacks held fairly steady from the previous quarter, attack volumes were up dramatically.

For years, healthcare providers lagged their corporate counterparts when it came to cybersecurity. Recently, they made up significant ground, recognizing the need to allocate sufficient funds, focus on fundamentals, and outsource functions they cannot cost-effectively perform in-house. Unfortunately, 2020 threw a huge wrench in the works.

To keep pace with the ever-evolving security industry, ASIS International released an update to the Protection of Assets (POA) reference set. Refreshed to reflect our changing times and keep security professionals on the leading edge of best practices in the field, this collection is to assist security management directors and professionals responsible for corporate asset protection. 

A web server hosting the domain for a local government in the United States was recently breached by advanced hackers taking advantage of old vulnerabilities in firewalls sold by Fortinet, according to an FBI Flash Alert issued. After gaining access to the local government organization's server, the advanced persistent threat (APT) actors moved laterally through the network and created new domain controller, server, and workstation user accounts mimicking already existing ones.

Streaming - and really all content creators and consumers - would not have accelerated as it did without that much-needed bandwidth. In much the same way, we see the idea of Zero Trust Network Security, introduced more than a decade ago, needing its own boost for more widespread adoption. That help has arrived in the form of Secure Access Service Edge (SASE), the ideal framework for Zero Trust.

Barak Tawily, Chief Technology Officer and Co-Founder of Enso Security, argues that most AppSec teams today spend most of their time creating relationships with developers and performing operational and product-related tasks — and not on application security. Here, we talk to Tawily about AppSec and why enterprise security should be concerned with AppSec.

App security is too important to be an afterthought. With the threats facing modern web applications, organizations need to find a new way to ensure protection without impeding innovation. To move forward, security and DevOps will need to work together to solve the challenges they face—in terms of both security and organizational politics.

The Department of Homeland Security’s Transportation Security Administration (TSA) announced a Security Directive that will enable the Department to better identify, protect against, and respond to threats to critical companies in the pipeline sector.