6 best practices to defend against corporate account takeover attacks

While there are similarities between the two, corporate account takeovers (CATO) often have larger implications than breaches affecting individual accounts and can result in significant financial losses, reputational damage, and compromised sensitive business information. “In the corporate environment, the main focus is preventing attackers from getting your employees’ credentials,” says Gartner cybersecurity analyst Akif Khan. … Read more

Semperis aims to ensure security in Active Directory migrations, consolidation

Companies often have extended, complex Active Directory infrastructures that have been expanded over time to encompass different domains, potentially creating security issues when they move to a new AD environment. A new AD migration and consolidation offering from identity-based cybersecurity provider Semperis is designed to tackle this problem head-on, streamlining the transition process while ensuring … Read more

Report: PowerShell Gallery susceptible to typosquatting and other package-management attacks

Researchers are warning in a new report that PowerShell Gallery (PSGallery), the central repository for PowerShell modules and scripts, lacks package name and ownership protections that other popular registries such as npm put in place to prevent typosquatting attacks. Furthermore, the report found that it is possible to find and access PowerShell Gallery packages that … Read more

Incident response lessons learned from the Russian attack on Viasat

On February 24, 2022, on the eve of Russia’s invasion of Ukraine, KA-band satellite provider Viasat became the first prominent victim of Russian cyber aggression when a wiper attack turned off tens of thousands of Viasat’s government and commercial broadband customers’ modems. At this year’s Black Hat and DEF CON conferences, Viasat representatives spelled out … Read more

3 strategies that can help stop ransomware before it becomes a crisis

Over the past decade, the average value of ransoms demanded by hackers has gone from hundreds of dollars to hundreds of thousands — even into the millions in some cases. With increasingly stringent regulatory requirements and CISOs being sued for not reporting a breach, the stakes of ransomware attacks are getting ever higher. But specialists … Read more

MongoDB rolls out queryable encryption to secure sensitive data workflows

Developer data platform MongoDB has announced the general availability of queryable encryption, an end-to-end data encryption technology for securing sensitive application workflows. It is designed to reduce the risk of data exposure for organizations and helps businesses protect sensitive information when it is queried/in-use on MongoDB. MongoDB’s queryable encryption can be used with AWS Key … Read more

What would an OT cyberattack really cost your organization?

If there’s one thing an organization’s C-suite technology and their plant managers, operators, and OT experts need to be on the same page about, it’s this: Downtime is never an option. It’s one thing if the IT systems have to go on lockdown, but on the operational technology side, the consequences of an OT attack … Read more

UK police data breach exposes victim information

The UK’s Norfolk and Suffolk police constabularies have disclosed the accidental exposure of personal data belonging to more than 1000 individuals, including victims of crime. The agencies said they identified an issue relating to a very small percentage of responses to Freedom of Information (FOI) requests for crime statistics, issued between April 2021 and March … Read more

Email phishing still the main way in for hackers: report

Email phishing remains one of the most dangerous vectors for organizational cyberattacks, as well as one of the most difficult to defend against, with deceptive links, brand impersonation and other phishing threats sharply on the rise. A study published Tuesday by web services and security vendor Cloudflare, which analyzed 250 million malicious email messages sent … Read more

15 top open-source intelligence tools

OSINT definition: Open-source intelligence (OSINT) is the practice of collecting information from published or otherwise publicly available sources. OSINT operations, whether practiced by IT security pros, malicious hackers, or state-sanctioned intelligence operatives, use advanced techniques to search through the vast haystack of visible data to find the needles they’re looking for to achieve their goals. OSINT … Read more

Cybersecurity hiring gap: Time to rethink who can contribute

There is no denying the large number of vacant full-time positions to be filled in the cybersecurity workspace. The numbers range from 3.5 to 4.7 million globally. As most CISOs will attest, the talent pool has never been tighter, and the squeeze will only continue. Necessity is the mother of invention, so this critical need … Read more

Effectively upskilling cybersecurity professionals to help close the skills gap

Globally, there are more cyberthreats than ever and a surge in attacks on operational technology (OT), including the proliferation of new ransomware variations and the ascent of Malware-as-a-Service (MaaS). These developments have caused many firms to place a higher premium on narrowing the cybersecurity skills gap within their own IT teams. Leaders are looking not only at … Read more
