This edition of the ISMG Security Report features an analysis of ongoing investigations into the use of NSO Group's Pegasus spyware to spy on dissidents, journalists, political rivals, business leaders and even heads of state - and discussion of whether the commercial spyware business model should be banned.
As much as public cloud use is growing, both in total volume and in diversification of services, it is not a one-way trend. To meet evolving business needs, organizations are moving applications and workloads back and forth between cloud and on-premises environments.
A patch is forthcoming for a privilege escalation vulnerability in the Windows operating system that can allow hackers to gain a foothold. Meanwhile, Linux OS users also need to adopt system upgrades to fix a flaw, and Oracle and Juniper have announced product patches.
The older vision of vulnerability management of addressing vulnerabilities in silos is too inefficient and expensive for today’s enterprise. IT and security groups of today must monitor a much larger attack surface. Infrastructures and applications can change on a daily, even hourly basis. As cybercriminals are...
Verizon’s 2019 Data Breach Investigations Report found that technology sector is particularly susceptible to both internal (56%) and external (44%) threats; with financial motives (67%) and industrial espionage (29%) being the major drivers. The technology industry is also particularly vulnerable to DDoS attacks....
A new exposé tracking how spyware has been used to target journalists and human rights advocates suggests attackers have been exploiting zero-day flaws in Apple applications and devices. Apple says the flaws, while serious, likely pose no risk to the vast majority of its users.
Newly uncovered malware dubbed "BioPass" is targeting clients of Chinese online gambling companies, Trend Micro says. The malware exploits popular livestreaming and video recording app Open Broadcaster Software Studio.
Attackers have been exploiting a zero-day flaw in SolarWinds' Serv-U Managed File Transfer Server and Serv-U Secured FTP software, the security software vendor warns. The company has released patched versions that mitigate the flaw, discovered by Microsoft, and is urging users to update.
Investment banking giant Morgan Stanley is the latest company to report a data breach tied to zero-day attacks on Accellion's legacy File Transfer Appliance - yet another indicator of the sustained impact of supply chain attacks.
This edition of the ISMG Security Report features three segments on battling ransomware. It includes insights on the Biden administration's efforts to curtail ransomware attacks, comments on risk mitigation from the acting director of CISA, plus suggestions for disrupting the ransomware business model.
As key elements of Palo Alto Networks secure access service edge (SASE) solution, SaaS Security and Enterprise DLP play a key role in enabling organizations to consistently protect their data, applications, and users across networks and clouds while avoiding the complexity of multiple point products (such as...
Disrupt the Network Security Status Quo
Nonstop malware variants delivered by attackers using automation...
Increasing complexity introduced by public and hybrid cloud adoption...
New cybersecurity risks due to the explosion of IoT devices...
With so many fundamental changes and challenges in today’s IT...
In the latest weekly update, a panel of Information Security Media Group editors discusses key topics, including cybersecurity trends for the second half of the year, IoT device security and the planned security features for Windows 11.
NIST has published its definition of "critical software" for the U.S. federal government as the standards agency begins fulfilling requirements laid out in President Biden's executive order on cybersecurity. The software part of the executive order looks to reduce the threat of supply chain attacks.
The Russian-linked cyberespionage group behind the supply chain attack against SolarWinds targeted Microsoft's customer support system as part of a new campaign, the company disclosed in a report. The group, called Nobelium, has been linked to recent attacks against a marketing firm used by USAID.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.asia, you agree to our use of cookies.
