Digital Russian flag and a binary background cybersecurity concept with 0 and 1.

(Adobe Stock)

Echoes of SolarWinds: JetBrains TeamCity servers under attack by Russia-backed hackers

Laura FrenchDecember 14, 2023

SVR-affiliated cybergang CozyBear is exploiting a critical TeamCity vulnerability to deploy back doors in unpatched servers.

2023 Cybersecurity Year in Review: How AI, Cloud, Ransomware and the SEC raised security stakes

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Ransomware

Microsoft takes down websites used to create 750 million fraudulent accounts

Steve ZurierDecember 14, 2023

Following a court order, Microsoft seized websites created by a Vietnam-based threat group that made millions on mass phishing, identity theft, and fraud.

Governance, Risk and Compliance

Coker confirmed for National Cyber Director as industry preps for SEC reporting rule

Laura FrenchDecember 13, 2023

Experts say leadership needed now more than ever, as Coker aims to strengthen public-private partnerships.

Cyber security in Two factor authentication or 2FA concept. Safety shield icon while access on phone with laptop for validate password. Mobile OTP secure Verification method. Privacy protect data.

Identity

Threat actors launch financially motivated attacks abusing OAuth applications

Steve ZurierDecember 13, 2023

Microsoft researchers say threat actors abused OAuth to deploy VMs for cryptomining, establish persistence following BEC attacks, and launch spamming activity.

K-12 student geolocation data, names exposed via API flaws: 6M impacted

API security

K-12 student geolocation data, names exposed via API flaws: 6M kids impacted

Laura FrenchDecember 13, 2023

GPS locations of K-12 students and parent contact info could be pulled from the Parent Portal API.

Microsoft Dec. Patch Tuesday fixes critical Outlook RCE bug

Cloud Security

Microsoft December Patch Tuesday tackles nasty critical Outlook RCE bug

Simon HenderyDecember 13, 2023

Microsoft caps a busy year of bug patching with a light December release, addressing 33 new flaws.

Sign text closeup for help wanted with red and white colors by entrance to store shop business building during corona virus covid 19 pandemic

Email security

Hiring? New scam campaign means ‘resume’ downloads may contain malware

Laura FrenchDecember 12, 2023

Cybercriminals posing as job candidates are luring recruiters to install the “more_eggs” backdoor.

Apache HTTP Server website (www.apache.org) displayed on smartphone

Patch/Configuration Management

Critical Struts 2 flaw could result in remote code execution, says Apache

Steve ZurierDecember 12, 2023

Apache releases drop-in replacement and upgrade for critical security flaw that is similar to vulnerability that led to 2017 Equifax breach.

Patch/Configuration Management

Lazarus Group continues to exploit Log4j flaw in latest campaign

Simon HenderyDecember 12, 2023

In addition to Log4j, the North Korean threat group’s latest campaign also involves three previously unknown Dlang-based malware variants.

Echoes of SolarWinds: JetBrains TeamCity servers under attack by Russia-backed hackers

2023 Cybersecurity Year in Review: How AI, Cloud, Ransomware and the SEC raised security stakes

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

Perspectives

Secure cloud migration: lift, adapt, and shift…right!

Navigating a data leakage: a six-step incident response guide

Developers and security: Why can’t we all just get along?

The hidden challenges of contractor identity management

Don’t let the IT skills gap hold back cloud security

In Brief

Sophisticated KV-botnet linked to Volt Typhoon

Operations at ransomware-hit credit unions resume

ALPHV/BlackCat, NoEscape members sought by LockBit

Key priorities of state CIOs for 2024 examined

Newest UN cybercrime treaty draft slammed

More Resources

PCI DSS 4.0: What changes for AppSec?

Key questions to ask when evaluating an identity and access security vendor

Account-opening solutions offer strong returns on investment

7-hour recovery: How an American business beat ransomware

Chargeback protection market set for explosive growth

Microsoft takes down websites used to create 750 million fraudulent accounts

Coker confirmed for National Cyber Director as industry preps for SEC reporting rule

Threat actors launch financially motivated attacks abusing OAuth applications

K-12 student geolocation data, names exposed via API flaws: 6M kids impacted

Microsoft December Patch Tuesday tackles nasty critical Outlook RCE bug

Hiring? New scam campaign means ‘resume’ downloads may contain malware

Critical Struts 2 flaw could result in remote code execution, says Apache

Lazarus Group continues to exploit Log4j flaw in latest campaign

EVENTS

CISO Stories: Balancing IAM Cost, Security, and Experience

A CISOs Guide to Effective Security Practices in Cloud Computing Environments

Ransomware attack lessons, from MOVEit and Doubledrive to MGM/Caesars

Navigating the zero trust landscape: Lessons from the trenches

New Encrypted Attack Insights: Findings from Our Latest Report

Cybersecurity News, Awards, Webinars, eSummits, Research

Echoes of SolarWinds: JetBrains TeamCity servers under attack by Russia-backed hackers

2023 Cybersecurity Year in Review: How AI, Cloud, Ransomware and the SEC raised security stakes

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

Perspectives

Secure cloud migration: lift, adapt, and shift…right!

Navigating a data leakage: a six-step incident response guide

Developers and security: Why can’t we all just get along?

The hidden challenges of contractor identity management

Don’t let the IT skills gap hold back cloud security

In Brief

Sophisticated KV-botnet linked to Volt Typhoon

Operations at ransomware-hit credit unions resume

ALPHV/BlackCat, NoEscape members sought by LockBit

Key priorities of state CIOs for 2024 examined

Newest UN cybercrime treaty draft slammed

More Resources

PCI DSS 4.0: What changes for AppSec?

Key questions to ask when evaluating an identity and access security vendor

Account-opening solutions offer strong returns on investment

7-hour recovery: How an American business beat ransomware

Chargeback protection market set for explosive growth

Microsoft takes down websites used to create 750 million fraudulent accounts

Coker confirmed for National Cyber Director as industry preps for SEC reporting rule

Threat actors launch financially motivated attacks abusing OAuth applications

K-12 student geolocation data, names exposed via API flaws: 6M kids impacted

Microsoft December Patch Tuesday tackles nasty critical Outlook RCE bug

Hiring? New scam campaign means ‘resume’ downloads may contain malware

Critical Struts 2 flaw could result in remote code execution, says Apache

Lazarus Group continues to exploit Log4j flaw in latest campaign

EVENTS

CISO Stories: Balancing IAM Cost, Security, and Experience

A CISOs Guide to Effective Security Practices in Cloud Computing Environments

Ransomware attack lessons, from MOVEit and Doubledrive to MGM/Caesars

Navigating the zero trust landscape: Lessons from the trenches

New Encrypted Attack Insights: Findings from Our Latest Report