Newly discovered microarchitectural data sampling flaws in Intel processors - collectively dubbed "ZombieLoad" - could be exploited to steal private data from PCs and servers, including shared cloud environments. Intel, Microsoft, Apple and others have begun to ship patches designed to help mitigate the problems.
Facebook is warning users of its WhatsApp messaging app to update immediately to fix a flaw that is being used to remotely install Pegasus surveillance software from Israel's NSO Group. WhatsApp says a "select number" of targets were hit by the attacks, which it has blamed on "an advanced cyber actor."
Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward.
In a surprise turn of events, Symantec's CEO, Greg Clark, resigned on Thursday, the same day that the company reported that it had missed earnings estimates. The value of the anti-virus company's stock dropped almost 13 percent on Friday.
Do you know how attackers can move once they're inside your network? The access footprint changes constantly as users log on and off, restart systems, change roles, and access resources. Until now, these conditions have only been visible when skilled analysts inspect individual systems. Attack Surface Manager reveals...
During periods of rapid growth, your business is especially vulnerable to cyberattacks from both malicious insiders, and external threat actors. Extended periods of IT change and consolidation can open seemingly minor security gaps that can quickly become gaping holes attackers will exploit. This quick read will...
We've all seen what's possible with the Dark Web thanks to Silk Road. If you're interested in buying or selling someone's private data like social security numbers or credit card information, it's disturbingly easy to do. All you need is a computer, a Tor Browser and Cryptocurrency, and it's all completely...
Over the past year, cyber defenders have seen a high level of innovation from cybercriminals, who are leveraging new tactics, techniques and procedures (TTPs) to maintain persistence and counter incident response efforts.
To better determine how cybercriminals are hiding behind invisibility cloaks to remain...
Multi-stage attacks use diverse and distributed methods to circumvent existing defenses and evade detection - spanning endpoints, networks, email and other vectors in an attempt to land and expand. Meanwhile, individual tools including DLP, EDR, CASBs, email security and advanced threat protection are only designed to...
Managing Active Directory can be painful. Native tools have limited capabilities, which leads to inefficiencies, such as managing user accounts or group membership via manual processes or scripts. To make things even more interesting, Microsoft has introduced Azure Active Directory (AAD). It's a cloud-based directory...
Overall, Password Strength Scores follow the trends for Security
Scores: As companies get bigger, on average their Password
Strength Score goes down.
For businesses with fewer than 25 employees, the average total
Password Strength Score is 53. At more than 10,000 employees,
the average score drops to...
Forget inside/outside the perimeter when mitigating
risks. That's the notion behind "zero trust," which means
applying risk-based controls to safeguard access.
Download this whitepaper to learn more about:
Cloud service attack trends;
Best practices for mitigating risks;
How to make the concept of "zero trust"...
Aluminum giant Norsk Hydro has been hit by LockerGoga ransomware, which was apparently distributed to endpoints by hackers using the company's own Active Directory services against it. To help safeguard others, security experts have called on Hydro to release precise details of how it was hit.
Is your security team blind to the activities in more than half of its IT assets? That was just one of the findings in a new report from 451 Research, based on in-depth interviews with security leaders across 150 large enterprises and focused on the challenges facing their teams. On average, the report found SIEMs...
SIEM (security information and event management) software offers a lot of promise, but legacy SIEMs simply can't keep up with the rate and sophistication of today's cyberattacks. Organizations today require access to analytics-driven SIEMs that combine a big data platform that is optimized for machine data with...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.
