Day: November 7, 2023
-
Gootbot: A new post-exploitation implant for lateral movement
The creators of Gootloader, a malicious program commonly used to deploy ransomware and other malware threats on enterprise networks, have developed a new second-stage implant. Dubbed GootBot, the new post-exploitation tool is written in PowerShell and is pushed to other systems on compromised networks via lateral movement techniques. “The Gootloader group’s introduction of their own…
-
Facebook tops security ratings among social networks
Facebook is the most secure social networking site among the major players, thanks to improved privacy controls and support for more secure two-factor authentication technology, but the social media sector as a whole remains vulnerable to different types of account takeover. According to a study released Tuesday by access management vendor Cerby, the biggest area…
-
MTE – The promising path forward for memory safety
Posted by Andy Qin, Irene Ang, Kostya Serebryany, Evgenii Stepanov Since 2018, Google has partnered with ARM and collaborated with many ecosystem partners (SoCs vendors, mobile phone OEMs, etc.) to develop Memory Tagging Extension (MTE) technology. We are now happy to share the growing adoption in the ecosystem. MTE is now available on some OEM…
-
Automatic Conditional Access policies in Microsoft Entra streamline identity protection
Extending our commitment to help customers be secure by default, today we’re announcing the auto-rollout of Microsoft Entra Conditional Access policies that will automatically protect tenants based on risk signals, licensing, and usage. We’ve designed these policies based on our deep knowledge of the current cyberthreat landscape to help our customers strengthen their security baseline,…
-
Bitwarden Revolutionises Online Security with Passkey Management
Bitwarden has introduced a ground-breaking feature: passkey management. This innovation empowers every Bitwarden user to create, handle, and securely store passkeys within their vaults. With the Bitwarden web extension, users can effortlessly and securely access passkey-enabled websites. These synchronised passkeys are meticulously encrypted within users’ vaults, offering a seamless and passwordless login experience. A Secure,…
-
Glasgow Caledonian University Selects CyberArk to Reduce Identity Security Risk for Thousands of Staff and Students
CyberArk has announced that Glasgow Caledonian University (GCU) has selected the CyberArk Identity Security Platform to power its mission-critical identity and access management modernisation initiatives and improve security for its more than 27,000 staff and students. The top-performing modern university in Scotland, GCU has campuses in the centre of Glasgow and London and is well…
-
Frontegg releases new identity, user management solution for SaaS products
Identity and access management platform Frontegg has announced the release of Frontegg Forward to support software as a service (SaaS) companies in handling customer identity and user management within their products. The new offering delivers four fundamental user management innovations that SaaS companies need to meet their growth imperatives over the next decade, the company…
-
Eclypsium launches supply chain security guide to track risks and incidents
Digital supply chain security company Eclypsium has announced the launch of a new supply chain security guide to help IT, security, and procurement teams track risks and incidents. CIOs, CISOs, and supply chain leaders can use the guide to assess their exposure to supply chain cybersecurity threats and make better risk-based purchase decisions, the firm…
-
IBM rebuilds QRadar for hybrid clouds and AI workloads
IBM has announced rebuilding its security information and event management (SIEM) offering, QRadar, with a cloud-native architecture to help organizations scale their hybrid cloud and AI workloads. The new offering combines IBM’s existing SIEM skeleton within the QRadar suite with new generative AI and threat detection capabilities for improved data ingestion, and search and analytics…
-
Secure from the get-go: top challenges in implementing shift-left cybersecurity approaches
David Ulloa sees value in the shift-left strategy, which embeds security at the earliest stages of software development. Like other security chiefs, Ulloa believes that this approach can effectively and efficiently boost the organization’s security posture. But he concedes: not everyone shared his perspective when he first proposed using the strategy. So, Ulloa, CISO with…