Palo Alto Networks Shines Light on Application Services Security Challenge
An analysis published by Palo Alto Networks finds a typical large organization adds or updates over 300 services every month, with those new and updated services being responsible for approximately 32% of new high or critical cloud exposures ...
Backdoor in RFID Cards for Offices, Hotels Can Lead to Instant Cloning
A backdoor found in millions of Chinese-made RFID cards that are used by hotels and other businesses around the world can let bad actors instantly clone the cards to gain unauthorized access into rooms or run supply chain attacks, say researchers with Paris-based Quarkslab ...
Patch Tuesday not Done ’til LINUX Won’t Run?
Richi Jennings | CVE-2022-2601, Dual boot, GRUB2 Bootloader Secure Boot Bypass, Linux, Microsoft, Microsoft Patch Tuesday August 2024, Microsoft Windows, Patch Tuesday, SB Blogwatch, SBAT, secure boot, Secure Boot Advanced Targeting, Windows
Redmond reboot redux: “Something has gone seriously wrong.” You can say that again, Microsoft ...
Survey Surfaces Growing SaaS Application Security Concerns
A survey of 300 application and software development, IT and security leaders finds nearly half (45%) work for organizations that, in the past year, have experienced a cybersecurity incident involving a third-party software-as-a-service (SaaS) application ...
McAfee Unveils Tool to Identify Potential Deep Fakes
McAfee today added a tool to detect deep fakes to its portfolio that will initially be made available on PCs from Lenovo that are optimized to run artificial intelligence (AI) applications ...
Survey Surfaces Widespread Mishandling of Sensitive Data
Perforce Software today published a survey of 250 IT professionals that finds the amount of sensitive data residing in non-production environments is rising as organizations embrace artificial intelligence (AI) and digital business transformation ...
Extortion Group Exploits Cloud Misconfigurations, Targets 110,000 Domains
An unknown threat group leveraged publicly exposed environment variables in organizations' AWS accounts to exfiltrate sensitive data and demand ransoms in a wide-ranging extortion campaign that targeted 110,000 domains ...
Mandatory MFA is Coming to Microsoft Azure
Microsoft is making MFA mandatory for signing into Azure accounts, the latest step in the IT vendor's Secure Future Initiative that it expanded in May in the wake of two embarrassing breaches by Russian and Chinese threat groups ...
Lawmakers Ask for Probe of Chinese Router Maker TP-Link
Two U.S. lawmakers are asking the Commerce Department to investigate whether the Wi-Fi routers built by Chinese company TP-Link could be used by Chinese-sponsored threat groups to infiltrate U.S. government and private networks, posing a security risk to the country ...
Ransomware Surge Exploits Cybersecurity Gaps Caused by M&A
Evolving threat actor tactics are capitalizing on business and technology consolidation to launch widespread ransomware attacks, requiring organizations to rethink how to address new vulnerabilities to stay secure and resilient ...