'

High severity flaw patched in widely used curl tool

High severity flaw patched in widely used curl tool

The developers of the curl open-source software application and library have released patches for two vulnerabilities in the widely used command-line tool. One of the flaws is rated with high severity and could potentially be exploited by rogue servers to execute malicious code on systems that access them with curl under certain conditions. Curl, which … Read more

How Prisma saved 98% on distribution costs with Cloudflare R2

How Prisma saved 98% on distribution costs with Cloudflare R2

The following is a guest post written by Pierre-Antoine Mills, Miguel Fernández, and Petra Donka of Prisma. Prisma provides a server-side library that helps developers read and write data to the database in an intuitive, efficient and safe way. Prisma’s mission is to redefine how developers build data-driven applications. At its core, Prisma provides an … Read more

SEC to investigate Progress Software over mass MOVEit hack

SEC to investigate Progress Software over mass MOVEit hack

Progress Software could be staring at fresh litigations over the explosive zero-day found in its file transfer service, MOVEit, which affected millions of end users globally. The latest probe comes from the US Security and Exchange Commission (SEC), which is seeking information related to the mass hack. “On October 2, 2023, Progress received a subpoena … Read more

Microsoft Defender for Endpoint now stops human-operated attacks on its own

Microsoft Defender for Endpoint now stops human-operated attacks on its own

Defenders need every edge they can get in the fight against ransomware. Today, we’re pleased to announce that Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated attacks like ransomware early in the kill chain without needing to deploy any other capabilities. Now, organizations only need to onboard their devices to … Read more

Automatic disruption of human-operated attacks through containment of compromised user accounts

Automatic disruption of human-operated attacks through containment of compromised user accounts

Our experience and insights from real-world incidents tell us that the swift containment of compromised user accounts is key to disrupting hands-on-keyboard attacks, especially those that involve human-operated ransomware. In these attacks, lateral movement follows initial access as the next critical stage for attackers to advance their objective of targeting valuable assets and sensitive data. … Read more

Israel-Hamas conflict extends to cyberspace

Israel-Hamas conflict extends to cyberspace

Amid the ongoing conflict between Israel and Palestine, a new battleground has opened up in cyberspace, with hackers from both sides trying to attack each other’s infrastructure, while also dragging supporters of each other into the conflict. “Analysts have noted public instances of DDoS attacks, website defacements, and increased dark web discussions from various threat … Read more

The Power of Diversity: Building Stronger Cybersecurity

The Power of Diversity: Building Stronger Cybersecurity

In an increasingly digital world, cybersecurity has become a critical aspect of our daily lives, with our personal information, financial data, and even national security at stake. However, as the field of cybersecurity continues to evolve, a glaring lack of diversity persists. The underrepresentation of certain groups, including women, minority communities, and individuals with diverse … Read more

Microsoft, American Express most spoofed brands in financial services phishing emails

Microsoft, American Express most spoofed brands in financial services phishing emails

Technology giant Microsoft and multinational banking firm American Express are the most spoofed companies in phishing emails targeting financial services. That’s according to the 2023 Financial Services Sector Threat Landscape report by Trustwave SpiderLabs, which examines a multitude of threats faced by the financial services industry. The report cited phishing and email-borne malware as the … Read more

Only you can prevent forest trust issues: managing the complexity of merged networks

Only you can prevent forest trust issues: managing the complexity of merged networks

In the past, security decisions were rarely included in the planning when it came to combining networks after companies merged — just getting the two systems up and running and talking to each other came first and foremost. It was standard procedure to disable workstation firewalls, enable server message block (SMB v1) protocols and in … Read more

Patch Tuesday, October 2023 Edition

Patch Tuesday, October 2023 Edition

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS. Apple last week shipped emergency updates in iOS 17.0.3 and iPadOS 17.0.3 … Read more

Scaling BeyondCorp with AI-Assisted Access Control Policies

Scaling BeyondCorp with AI-Assisted Access Control Policies

Ayush Khandelwal, Software Engineer, Michael Torres, Security Engineer, Hemil Patel, Technical Product Expert, Sameer Ladiwala, Software Engineer In July 2023, four Googlers from the Enterprise Security and Access Security organizations developed a tool that aimed at revolutionizing the way Googlers interact with Access Control Lists – SpeakACL. This tool, awarded the Gold Prize during Google’s internal … Read more