Cybersecurity News, Awards, Webinars, eSummits, Research

The official seal of the Cybersecurity and Infrastructure Agency is seen at the CISA headquarters in Arlington, Va. (Department of Homeland Security)

CISA strategic plan aligns with National Cybersecurity Strategy

Stephen WeigandAugust 4, 2023

The plan calls for the agency to focus its efforts on raising the bar for adversaries to threaten U.S. and allied networks, promote strong security practices among partners and treat cybersecurity as a basic safety issue.

WHITEPAPER

Vulnerability management: A maelstrom of moving targets

PODCASTS

RESOURCES

FEATURED

Women in Cybersecurity: The perfect threat modelers

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Third-party code

Malicious PyPI packages resemble a legitimate VMware vSphere connector

Steve ZurierAugust 4, 2023

Sonatype reported the malicious PyPI packages on July 28 and the registry admins took them down.

Hacktivists or just hackers: Compromising morals for money

Malware

Hacktivist or just hacker: Compromising morals for money

Simon HenderyAugust 4, 2023

Traditionally reliant on donations to fund their attacks, so-called hacktivist groups are increasingly looking for alternative revenue streams.

Email security

Attackers chain Salesforce and Facebook flaws to launch phishing attacks

Steve ZurierAugust 3, 2023

Guardio Labs reported this unusual phishing attack to Salesforce and Meta in late June, and they were quickly remediated.

Years-old vulnerabilities in unpatched systems still dominate the threat landscape, according to a joint advisory by Five Eyes governments. (Image Credit: Olemedia via Getty Images)

Vulnerability Management

Old CVEs die hard and big tech gets hit hardest by bugs, top 2022 vulnerability trends

Derek B. JohnsonAugust 3, 2023

Organizations are more likely to be compromised a bug found in 2021 or 2020 than they are ones discovered over the past year.

Cloud Security

Microsoft Teams users duped into passing on MFA codes

Simon HenderyAugust 3, 2023

Russian threat group APT29 used phishing lures to target governments, NGOs and other organizations in a series of espionage-focused attacks.

Leadership

Lenovo’s Skip Mann: Exceptional security leadership like being a human Swiss Army knife

SC StaffAugust 2, 2023

The managing director of the company's chief security office says an exceptional security leader combines visionary thinking, technical expertise and a commitment to fostering a security-first culture.

data transfer cloud computing technology concept.

Cloud Security

Cloudzy delivers cloud services to multiple APT groups, researchers say

Steve ZurierAugust 2, 2023

Halcyon report says Cloudzy delivers bandwidth and technical services to APT groups in China, Iran, North Korea, Russia, India, Pakistan and Vietnam.

Malware

Python versions of stealer malware discovered targeting Facebook business accounts

Stephen WeigandAugust 2, 2023

Cybersecurity researchers reported discovering a previously unknown phishing campaign distributing two variants of an infostealer written in Python to take over Facebook business accounts.

CISA strategic plan aligns with National Cybersecurity Strategy

WHITEPAPER

Vulnerability management: A maelstrom of moving targets

PODCASTS

RESOURCES

FEATURED

Women in Cybersecurity: The perfect threat modelers

Get daily email updates

Perspectives

Can the White House cyber workforce strategy bring more women into IT?

How we can bring diversity into the cybersecurity industry

What the industry must do to attract more women into cybersecurity

Practical Privacy: What practitioners need to know

Create a ‘win-win’ scenario for security teams and cyber insurers

In Brief

MOVEit hack impacts US government contractor Serco

Attempted NOIRLab cyberattack disrupts Hawai’i observatory

Live sporting events increasingly targeted by cyberattacks

Milesight industrial router vulnerabilities discovered

Funding round secures $70M for Endor Labs

More Resources

Must-have browser security features

Risk-assessment best practices: a Cybersecurity Collaborative guide

Browser security that protects the remote, extended and hybrid workforce

7-hour recovery: How an American business beat ransomware

Zero trust and browser security: How they fit together

Malicious PyPI packages resemble a legitimate VMware vSphere connector

Hacktivist or just hacker: Compromising morals for money

Attackers chain Salesforce and Facebook flaws to launch phishing attacks

Old CVEs die hard and big tech gets hit hardest by bugs, top 2022 vulnerability trends

Microsoft Teams users duped into passing on MFA codes

Lenovo’s Skip Mann: Exceptional security leadership like being a human Swiss Army knife

Cloudzy delivers cloud services to multiple APT groups, researchers say

Python versions of stealer malware discovered targeting Facebook business accounts

EVENTS

A day in the life of an MDR analyst: How we saved a firewall provider from disaster

Threat intelligence: Be informed & banish ignorance

Cyber risk is business risk: Walking the intersecting lines

Seeking safer shortcuts for devs: Snyk’s 2023 State of Open Source Security Report

The endpoint end game: Locking down your entry points