News

noops code developer devops html web developer by mazimusnd getty
Insider threats  >  Employees suspiciously peering over cubicle walls

wind turbines energy utilities innovation alternative energy by anna jimenez calaf unsplash

Fortress creates center for security information on energy suppliers

Vendor library offers means to bolster supply-chain security through data sharing and communication.

sucessfully transitioning to devsecops

Deepfence revamps ThreatMapper with new scanner, runtime SBOMs

The latest version of open-source ThreatMapper includes a secret scanner to observe and report sensitive information left inadvertently in production environments, and the ability to generate runtime SBOMs to map and observe key...

EU / European Union / GDPR data privacy, regulation, compliance

Meta fined €17 million by Irish regulator for GDPR violations

In the wake of 12 data breaches reported in 2018, Facebook’s parent company hit with hefty fine for failing to follow GDPR regulations related to its ability to demonstrate data privacy protection practices.

Ransomware

New ransomware LokiLocker bundles destructive wiping component

LokiLocker also uses an unusual obfuscation technique to avoid detection.

incoming emails / DNS security / locked server / parked domain

Cloudflare unveils email security tools, free WAF ruleset, and API gateway

Cloudflare has announced a slew of new products, including a suite of email security tools for phishing and malware detection, a free WAF ruleset and a machine-learning powered API gateway.

Binary Russian flag

Germany's BSI warns against Kaspersky AV over spying concerns

The warning renews global concerns about using Russian-made software as the country continues its assault on Ukraine.

network security concept

SentinelOne to buy Attivo Networks for $617M, bringing ID-based security to XDR platform

Known as an endpoint protection vendor, SentinelOne is broadening its appeal by adding an identity-focused security layer to its Singularity XDR (extended detection and response) platform, in a $616.5 million deal.

lawsuit judge law court decision sued

Webroot files patent infringement claim against Trend Micro

The lawsuit accuses Trend Micro of using Webroot's patented malware detection, network security, and endpoint protection technologies without authorization.

internet web browser https / url address bar

Traffic interception and MitM attacks among security risks of Russian TLS certs

Russia's launch of a domestic TLS Certificate Authority to bypass Western sanctions and replace revoked and expired certificates amid the invasion of Ukraine poses significant security threats.

mwc intel brian krzanich 5g drone stock image

Are Ukraine’s drone capabilities being throttled in Russia-Ukraine conflict?

Chinese drone producer DJI Global is accused of limiting capabilities of its AeroScope technology for the Ukrainian army, giving an air reconnaissance edge to Russian invaders.

Binary stream flowing through the fingers and palm of an upturned hand.

Nearly 70% of tested ServiceNow instances leaking data

The blame lies with customer misconfigurations, not flaws in the SaaS platform.

Targeting user behavior.

SEC plans four-day cybersecurity breach notification requirement

The US stock market regulator wants to tighten reporting requirements for security breaches at publicly traded firms.

ransomware breach hackers dark web

Alleged REvil ransomware hacker extradited and arraigned in Texas

The DOJ charges that Ukrainian national Yaroslav Vasinskyi made $2.3 million from ransoms, after demanding more than $760 million from companies that had fallen victim to REvil ransomware attacks.

Tech Spotlight   >   Cybersecurity [CSO]   >   Hands gesture in conversation

HackerOne calls for end of security by obscurity

The bug hunting platform offers a proposal for greater corporate cybersecurity responsibility and transparency.

data pipeline primary

Dirty Pipe root Linux vulnerability can also impact containers

Researchers have shown that the Dirty Pipe vulnerability can be used to modify protected files and gain root rights.

DDOS attack

High-impact DDoS attacks target zero-day exploit in Mitel systems

Security researchers, network operators and security vendors discover a new reflection/amplification DDoS vulnerability used to launch multiple, high-impact attacks against Mitel systems.

CSO  >  danger / security threat / malware / grenade-shaped flash drive

China-aligned APT renews cyberattack on European diplomats, as war rages

As Russia's war on Ukraine intensifies, China-aligned threat actor TA416 has been detected ramping up its cyberattack campaign against European diplomats.

A circuit board with CPU / chip displaying glowing binary code.

New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs

Though not as easy to exploit, this proof of concept shows that some Intel and ARM processors are still vulnerable to side-channel attacks.

Load More