Microsoft has addressed companies who have not yet updated their systems to address the critical Zerologon flaw, a vulnerability in the cryptography of Microsoft's Netlogon process that allows an attack against Microsoft Active Directory domain controllers, making it possible for a hacker to impersonate any computer, including the root domain controller.
President-elect Joe Biden has announced the American Rescue Plan to "build a bridge towards economic recovery," during the coronavirus pandemic. The $1.9 trillion plan also aims to modernize federal information technology to protect against future cyberattacks.
In 2020, we adapted. So did bad guys. The FBI saw a 400% increase in cyberattacks as adversaries probed the new landscape for vulnerabilities. We haven’t even begun to see the results of these attacks. 2020 blew up expectations, and we should expect more of the same in the coming years.
In the age of heightened public cloud adoption and widespread cloud Software-as-a-Service (SaaS) usage, cybercriminals are making use of OAuth – a permissions delegation and authorization protocol – to compromise cloud environments. As such, controlling which applications users interact with has become a business imperative. Let’s take a closer look at what OAuth is, the role it plays in allowing users to access resources across environments, the ways attackers are abusing OAuth and what organizations can do to better protect their cloud data.
The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and control, and exfiltration techniques used by threat actors.
On average, organizations experience 180 incidents involving sensitive data, or one every 12 working hours, according to Egress. The three top causes of outbound email data breaches include: the wrong recipient added, wrong file attached or replying to a phishing scam.
Finding and implementing a cybersecurity risk framework is a challenge every organization faces. Time has shown that this endeavor almost always calls for the heavy lifting to be carried by chief information security officers (CISOs) and their staff. So where do you start?
What are some current trends in cybersecurity threat research? To get some insight, we spoke to Aamir Lakhani, cybersecurity researcher and practitioner with FortiGuard Labs.
Vitaliy Panych has officially been appointed CISO to the state of California after spending the past two years as California’s acting chief information security officer.
RSS
