5 cyber hygiene strategies to help prevent cyber attacks

The world of cybersecurity is constantly inundated with news on the latest data breaches, cybercriminal attack trends, and security measures. And while that information is critical for adapting to the ever-changing nature of cybercrime, it’s also important to pay attention to foundational measures as well. Basic security hygiene still protects against 98% of attacks. As …

Critical cloud-delivered security services for SASE

SASE = SD-WAN + SSE is an equation that has become conspicuous in the security industry. If you aren’t a cybersecurity professional, you might mistake it for a high school advanced algebra problem or perhaps one of Einstein’s scientific formulas. But IT professionals understand at a high level that SASE, a solution that provides the hybrid …

Uncursing the ncurses: Memory corruption vulnerabilities found in library

Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces (TUI). Released in 1993, the ncurses library is commonly used by various programs on Portable Operating System Interface (POSIX) operating systems, including Linux, macOS, and FreeBSD. Using environment variable poisoning, attackers could chain …

JFrog combines ML development with DevSecOps

With businesses increasingly relying on a host of AI implementations within their services, JFrog is trying to respond to the need for a central management system to bring AI deliveries in line with an organization’s existing DevOps practices. Dubbed “ML model management,” JFrog’s new capabilities are introduced within the JFrog software supply chain platform to …

10 principles to ensure strong cybersecurity in agile development

Today’s hyper-competitive business environment requires organizations to move fast and stay innovative. As a result, 80% or more organizations have adopted an agile development approach. Unfortunately, this higher development velocity introduces several opportunities for exploitation by cyber criminals, especially if the software lifecycle processes are not secured. So, how can organizations make agile development practices …

Automotive supply chain vulnerable to attack as cybersecurity regulation looms

Almost two-thirds (64%) of automotive industry leaders believe their supply chain is vulnerable to cyberattacks, with many businesses inadequately prepared for a connected automotive era. That’s according to new Kaspersky research based on 200 interviews with C-level decision makers in large enterprises of at least 1,000 employees in the automotive sector. It revealed a vast …

FBI Hacker Dropped Stolen Airbus Data on 9/11

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “USDoD” had infiltrated the FBI’s vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the data was being sold. But on …

New Kubernetes vulnerability allows privilege escalation in Windows

The latest version of Kubernetes released last month includes patches for an entire class of vulnerabilities that allow attackers to abuse the subPath property of YAML configuration files to execute malicious commands on Windows hosts. “The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai researcher Tomer …

Using AI-generated code can lead to business risk

Little things can get you into big trouble. This has been true for all human history. One of the most famous descriptions of it comes from a proverb centuries ago that begins “For want of a nail the [horse]shoe was lost…” and concludes with the entire kingdom being lost “…all for the want of a …

Severe Azure HDInsight flaws highlight dangers of cross-site scripting

Security researchers have found eight serious cross-site scripting (XSS) flaws in Azure HDInsight, a big data processing service powered by open-source technologies like Apache Hadoop, Spark, Hive and Kafka running on Azure. The flaws could have allowed attackers to inject and execute malicious scripts in visitors’ browsers. “All XSS vulnerabilities posed significant security risks to …

Partnering up on XDR: A rising tide lifts all security teams

Security is a community effort; it takes a network of partners to ensure everyone is secure. That’s why Cisco’s Extended Detection and Response (XDR) solution, launched in April, focuses on correlating telemetry from several third-party security vendors to increase interoperability and deliver consistent outcomes regardless of vendor or technology. Security is a fragmented market, …

Perception Point launches MSP program to help partners tackle threats

Cybersecurity provider Perception Point has announced the launch of a new managed service provider (MSP) program to empower partners with dedicated, enterprise-level threat prevention, detection, and response. The tailored security offering is designed for MSPs and managed security service providers (MSSPs) to better protect their clients and streamline security operations, according to the vendor. Perception …