What “next-gen” identity security actually means – and why it’s increasingly...
Matt Mills, President, SailPoint
From smartphones to video game consoles, people love to throw around the term “next generation.” But what does it actually mean? Well, when the term is applied to a...
OWASP Top 10 OSS Risks: A guide to better open source security
Calls for a critical look at how open-source software (OSS) is secured and used have been increasing after a number of recent scares exposed vulnerabilities and risks, in particular the XZ Utils...
Customers of Sisense data analytics service urged to change credentials
The US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to change any credentials they might have shared or stored with Sisense, a data analytics software and services...
ISC2 study pegs average US cybersecurity salary at $147K, up from $119K in 2021
Salaries for cybersecurity professionals have jumped more than 23% since 2021, according to the 2024 annual workforce study from ISC2, the organization that maintains and administers the CISSP...
Top cybersecurity product news of the week
Palo Alto Networks introduces cloud capabilities to Cortex XSIAM April 11: Palo Alto Networks has introduced cloud capabilities to Cortex XSIAM that combine enterprise security and cloud detection...
Top cybersecurity M&A deals for 2024
Cybersecurity continues to remain one of the biggest concerns in global information technology in 2024 following a year that saw security incidents continue to grow at an alarming rate. After...
CISA opens its malware analysis and threat hunting tool for public use
The US Cybersecurity and Infrastructure Security Agency (CISA) is opening a government tool for analyzing malware to all. Malware Next-Gen is already used by US government agencies to submit malware...
CISA orders US government agencies to check email systems for signs of...
Russian nation-state hackers have exploited a recent Microsoft email compromise to steal the emails of government agencies, the US Cybersecurity and Infrastructure Security Agency (CISA) has...
Attackers exploit critical zero-day flaw in Palo Alto Networks firewalls
Network security vendor Palo Alto Networks released mitigation instructions for an actively exploited vulnerability in PAN-OS, the software that powers its next-generation firewall (NGFW) products....
Open-source scanner can identify risky Microsoft SCCM configurations
One of the researchers who recently compiled a knowledge base of common misconfigurations and attack techniques impacting Microsoft System Center Configuration Manager (SCCM) has developed an...
6 bad cybersecurity habits that put SMBs at risk
Small and medium businesses (SMBs) have increased their digital footprint, embracing remote work, employing more internet-connected devices, and adopting new tools and technologies. They now find...
Hacker dumps data of 2.8 million Giant Tiger customers
A threat actor has reportedly claimed responsibility for a March 2024 data breach that affected the Canadian retail chain Giant Tiger, which compromised 2.8 million customer records. The breach, which...
US Supreme Court ruling suggests change in cybersecurity disclosure process
The United States Supreme Court's unanimous ruling on an SEC disclosure case on Friday could have direct consequences on how security executives report cybersecurity incidents. The decision in the...
10 tips to keep IP safe
Intellectual property (IP) is the lifeblood of every organization. It didn’t use to be. As a result, now more than ever, it’s a target, placed squarely in the cross-hairs by various forms of cyber...
Sensitive US government data exposed after Space-Eyes data breach
IntelGroup, a prominent Serbian hacker from the CyberNiggers threat group, has claimed to breach Space-Eyes, a geospatial intelligence firm, catering exclusively to the US government agencies. The...
More open-source project takeover attempts found after XZ Utils attack
The Open Source Security Foundation (OpenSSF) together with the OpenJS Foundation have identified additional incidents where attackers attempted to social engineer their way into the management of...
Understanding CISA’s proposed cyber incident reporting rules
In the wake of a string of high-profile cyber incidents, capped by a crippling ransomware attack on Colonial Pipeline, the US Congress passed the Cyber Incident Reporting for Critical Infrastructure...
Where in the world is your AI? Identify and secure AI across a hybrid...
Artificial intelligence is quickly becoming an integral component of daily business operations — by 2026, more than 80% of enterprises will have used generative AI APIs or deployed AI-enabled...
SAP users are at high risk as hackers exploit application vulnerabilities
Targeting SAP vulnerabilities by threat actors is currently at its peak as systems compromised by ransomware incidents have grown fivefold since 2021, according to joint research by Flashpoint and...
AWS and Google Cloud command-line tools can expose secrets in CI/CD logs
Security researchers warn that certain commands executed in the AWS and Google Cloud command-line interfaces (CLIs) will return credentials and other secrets stored in environment variables as part of...