Organizations should start perceiving penetration testing not as a formalistic or superfluous security task but as a legal duty and, most importantly, as a valuable contribution to their competitiveness on the global market where customers strongly value that you care about security of their data.
Most IT leaders believe that ransomware attacks will be a greater concern in a hybrid workplace, with legal firms and healthcare organizations particularly concerned about this threat, according to a new Tessian report.
Cybercriminals have targeted the Bay Area water supply. Similar to the Oldsmar water treatment attack in Florida, the threat actor used legitimate credentials to break into remote access tool TeamViewer. After logging in, they deleted programs that the plant used to treat drinking water.
The insider risk is real for every organization, though it looks different among each one. Here, we cover obstacles to getting the message out about insider threat as well as practical techniques to improving your insider threat mitigation.
The International Security Foundation (ISF) announced that Secretary Madeleine Albright is the ISF 10th Anniversary Speaker for the ISF Virtual Reception on Wednesday, November 17, 2021, 5 PM EDT. The global virtual event, hosted by the ISF during OSAC’s virtual Annual Briefing week, celebrates OSAC’s private-public partnership with the OSAC Awards and celebrates the ISF’s 10th anniversary.
Sophos researchers have discovered a malware campaign whose primary purpose appears to stray from the more common malware motives. Instead, say the researchers, it appears to steal passwords or to extort a computer's owner for ransom, blocking infected users' computers from being able to visit a large number of websites dedicated to software piracy by modifying the HOSTS file on the infected system.
Many adversaries take advantage of new vulnerabilities and convert them into weaponized attacks, while extreme adversaries focus on supply chain and targeted attacks.
Many adversaries now take advantage of new vulnerabilities and convert them into weaponized attacks very easily and very quickly, while the extreme adversaries are now focusing on supply chain and targeted attacks. This combination makes for a very challenging environment for any modern enterprise.
Inon Shkedy, Head of Security Research for Traceable, who also serves as the API Security Project Lead at OWASP and has co-authored the OWASP API Top 10, talks to Security about API security risks.
RSS
