Author: wp editor
-
What should be in a company-wide policy on low-code/no-code development
In the hands of professional coders, low-code development platforms can speed up development cycles. Meantime, business users can leverage no-code tools to empower themselves as citizen developers who can quickly create applications to automate tasks, connect existing applications together, or customize software to perform exactly as they need. All of this flexibility can come with…
-
Cisco unveils AI-powered assistants to level up security defenses
Cisco is making a bid to drive artificial intelligence (AI) deeper into its cloud security platform, launching a new feature, AI Assistant for Security, a cross-domain AI-driven assistant designed to help organizations of all sizes level up their defenses against the rising tide of threats. “With attacks getting more sophisticated and the attack surface getting…
-
Microsoft Incident Response lessons on preventing cloud identity compromise
Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in the first quarter of 2023 compared to the same period in 2022. Threat actors leverage compromised identities to achieve a significant level of access to target networks. The compromise of an identity, under certain circumstances,…
-
3 reasons why now is the time to go cloud native for device management
The post 3 reasons why now is the time to go cloud native for device management appeared first on Microsoft Security Blog. Go to Source Author: Michael Wallent
-
How Microsoft and Amazon are expanding the fight against international tech support fraud
On October 19th of this year, India’s federal enforcement agency, the Central Bureau of Investigation (CBI), announced it had conducted multiple criminal raids against fraudulent call centers in various cities across India. This operation was supported by a joint referral from Microsoft and Amazon, which enabled the exchange of actionable intelligence between CBI and other…
-
Russia’s Fancy Bear launches mass credential collection campaigns
A threat group associated with the Russian military intelligence service was behind several mass attack campaigns that exploited known flaws in Outlook and WinRAR to collect Windows NTLM credential hashes from organizations in Europe and North America. The high volume of emails is unusual for cyberespionage groups, which are typically highly targeted in their victim…
-
Addressing vulnerabilities in OT environments requires a Zero Trust approach
Cyberattacks on operational technology (OT) systems are rapidly rising. In fact, manufacturing was one of the sectors most impacted by extortion attacks last year, according to Palo Alto Networks Unit 42, as reported in the 2023 Unit 42 Extortion and Ransomware Report. Attacks against OT systems can have a significant impact, including physical consequences such…
-
New Synopsys Report Reveals Application Security Automation Soars
Today, Synopsys released BSIMM14, the latest iteration of its annual Building Security In Maturity Model (BSIMM) report. This comprehensive analysis delves into the software security practices of 130 organisations, encompassing leading companies across various industries such as cloud, financial services, FinTech, ISV, insurance, IoT, healthcare, and technology. The report highlights a significant surge in the…
-
Over 80% of IT Leaders Want to Move Their On-Prem PAM Solution to the Cloud
A new report by zero-trust and zero-knowledge cybersecurity software providers Keeper Security has found that over 80% of IT leaders (82%) want to move their on-premises Privilege Access Management (PAM) solution to the Cloud. The findings were outlined in a report entitled Keeper Security Insight Report: Cloud-Based Privileged Access Management. The report explores what IT and…
-
Protecting credentials against social engineering: Cyberattack Series
Our story begins with a customer whose help desk unwittingly assisted a threat actor posing as a credentialed employee. In this fourth report in our ongoing Cyberattack Series, we look at the steps taken to discover, understand, and respond to a credential phishing and smishing (text-based phishing) cyberattack that targeted a legitimate, highly-privileged user with…
-
Centripetal Announces Partnership With Tiger to Provide Cybersecurity Innovation to the UK Market
Today, intelligence powered cybersecurity pros Centripetal have announced that their patented cybersecurity threat solution is available for the first time ever across the UK as a result of its strategic partnership with Tiger. Centripetal’s innovative technology is currently deployed by over 100 customers in the U.S., where the company is headquartered. Earlier this year, Centripetal…
-
Deepfakes emerge as a top security threat ahead of the 2024 US election
The United States is heading into a crucial election year, with a high-stakes presidential election that could determine the republic’s fate for decades. In addition, all 435 seats in the United States House of Representatives, 34 Senate seats, and 13 governorships are up for grabs, along with thousands of local government elections. While official sources…