'

Top cybersecurity products at Black Hat USA 2023

Top cybersecurity products at Black Hat USA 2023

Black Hat USA 2023 served as launchpad for a host of cybersecurity products and services, with many notable vendors as well as up-and-coming startups showcasing their innovations at the annual conference, held this week in Las Vegas. The CSO team has put together a list highlighting the most significant debuts at the show — which, … Read more

EvilProxy used in massive cloud account takeover scheme

EvilProxy used in massive cloud account takeover scheme

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months. Most of the attacks targeted high-ranking executives. The researchers estimated … Read more

IBM launches open-source detection and response framework for MFT attacks

IBM launches open-source detection and response framework for MFT attacks

Over the past several years, multiple ransomware groups and other threat actors have exploited vulnerabilities in the managed file transfer (MFT) applications that organizations rely on to enable secure remote access to business documents. Researchers from IBM have analyzed the components of 13 of these solutions and built a framework that can help defenders quickly … Read more

Downfall and Zenbleed: Googlers helping secure the ecosystem

Tavis Ormandy, Software Engineer and Daniel Moghimi, Senior Research Scientist Finding and mitigating security vulnerabilities is critical to keeping Internet users safe.  However, the more complex a system becomes, the harder it is to secure—and that is also the case with computing hardware and processors, which have developed highly advanced capabilities over the years. This … Read more

Android 14 introduces first-of-its-kind cellular connectivity security features

Android 14 introduces first-of-its-kind cellular connectivity security features

Posted by Roger Piqueras Jover, Yomna Nasser, and Sudhi Herle Android is the first mobile operating system to introduce advanced cellular security mitigations for both consumers and enterprises. Android 14 introduces support for IT administrators to disable 2G support in their managed device fleet. Android 14 also introduces a feature that disables support for null-ciphered … Read more

Pixel Binary Transparency: verifiable security for Pixel devices

Pixel Binary Transparency: verifiable security for Pixel devices

Jay Hou, Software Engineer, TrustFabric (transparency.dev)  Pixel Binary Transparency With Android powering billions of devices, we’ve long put security first. There’s the more visible security features you might interact with regularly, like spam and phishing protection, as well as less obvious integrated security features, like daily scans for malware. For example, Android Verified Boot strives … Read more

History’s Greatest Insider Threats

History’s Greatest Insider Threats

One of the most difficult problems for security professionals to grapple with is defending against dangers that come from within an organisation. Unfortunately, protecting against insider threats is often more complicated than traditional threat prevention. There are many different ways that an insider threat can manifest, making it necessary to approach the issue from a … Read more

Cyber-attack hits the UK’s electoral registers

Cyber-attack hits the UK’s electoral registers

Confidence in the UK’s electoral authority has been cast into doubt following the revelation of a malicious cyber-attack that infiltrated the records of 40 million voters, remaining undetected for a year. Shockingly, this breach was not disclosed to the public until a full 10 months later. Although the attack was detected in October of the … Read more

Synopsys Bolsters Application Security Testing Solutions Through Collaborations with NowSecure and Secure Code Warrior

Synopsys Bolsters Application Security Testing Solutions Through Collaborations with NowSecure and Secure Code Warrior

Yesterday, Synopsys unveiled two new collaborative agreements, solidifying partnerships with respected experts in mobile security and privacy, NowSecure, as well as Secure Code Warrior, a leading provider of an agile learning platform focused on developer-driven security. These collaborations are set to further enhance the Software Integrity Group’s acclaimed range of application security testing (AST) solutions. … Read more