Cybersecurity News, Awards, Webinars, eSummits, Research

‘Big Head’ malware threat looms, warn researchers

Simon HenderyJuly 10, 2023

Researchers say the multifaceted ransomware strain is still evolving and presents "significant harm" once it becomes fully operational.

WHITEPAPER

Vulnerability management: A maelstrom of moving targets

PODCASTS

RESOURCES

FEATURED

2023 Women in IT Security: Call for nominations

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Application security

Still no specifics on this week’s JumpCloud security incident

Steve ZurierJuly 7, 2023

Security researchers say companies don’t revoke API keys lightly and point out that invalidating the API keys could shut down all system that rely on those APIs.

Vulnerability management

Google issues patches for 46 bugs: 3 faced targeted exploitation, 1 critical

Steve ZurierJuly 7, 2023

One of the patches follows CISA listing it on the Known Exploited Vulnerabilities (KEV) catalog in the spring.

Breach

Progress Software flags three new vulnerabilities in MOVEit Transfer

Derek B. JohnsonJuly 7, 2023

Two of the bugs allow for unauthenticated access and modification privileges for MOVEit Transfer database content, while the third would allow an attacker to terminate instances of the application at will. A security bulletin from the company lists all three as critical or high severity.

Threat intelligence

Truebot RCE attacks exploit critical Netwrix Auditor bug

Simon HenderyJuly 7, 2023

Threat actors used to inject the botnet malware through phishing campaigns and malicious links but have shifted to exploiting a now-patched Netwrix Auditor vulnerability.

Device Security

High-severity bug in Cisco data center switches lets attackers break into encrypted traffic

Steve ZurierJuly 6, 2023

Cisco advised customers to disable the encryption feature in the switches, as no patches or workaround are yet available.

Identity and access

Southern New Hampshire University puts CX front and center in its IAM deployment

Daniel ThomasJuly 6, 2023

SC Media spoke to Matt Connors, Chief Information Security Officer for Southern New Hampshire University, about how his organization reframed IAM with the support of marketing and student advocacy. Here are the key takeaways.

Cloud security

Microsoft on TeamsPhisher: ‘Nothing to see here’

Simon HenderyJuly 6, 2023

Microsoft appears to have no plans to patch the vulnerability, which is now being used by red teams as a malicious payload delivery method.

‘Big Head’ malware threat looms, warn researchers

WHITEPAPER

Vulnerability management: A maelstrom of moving targets

PODCASTS

RESOURCES

FEATURED

2023 Women in IT Security: Call for nominations

Get daily email updates

Perspectives

Why CISOs need enhanced legal protections in the age of breach lawsuits

The case for a federal data privacy law

Bad bots are growing in volume and sophistication – here’s what to do about it

Advanced detection protects against the growing trade of zero-day hacks

Seven ways to prepare for double extortion ransomware

In Brief

Critical Mastodon vulnerabilities addressed

Industrial firms potentially vulnerable to attacks using PiiGAB flaws

Chinese Android spyware apps impact up to 1.5M users

Kronos agrees to settle ransomware attack for $6M

Bangladesh data breach exposes millions’ personal information

More Resources

MDR use cases: Achieving detection and response with lower costs and higher productivity

Cybersecurity experts share their top vulnerability management challenges in 2023

5 best practices for effective vulnerability management

MDR use cases: Speeding up the time from intrusion to detection and response

The OWASP API Security Top 10: What’s new for 2023

Still no specifics on this week’s JumpCloud security incident

Google issues patches for 46 bugs: 3 faced targeted exploitation, 1 critical

Progress Software flags three new vulnerabilities in MOVEit Transfer

Truebot RCE attacks exploit critical Netwrix Auditor bug

High-severity bug in Cisco data center switches lets attackers break into encrypted traffic

Southern New Hampshire University puts CX front and center in its IAM deployment

Microsoft on TeamsPhisher: ‘Nothing to see here’

EVENTS

Ransomware attackers vs. defenders: The never-ending game of one-upmanship

A day in the life of an MDR analyst: How we saved a firewall provider from disaster

Threat intelligence: Be informed & banish ignorance

The endpoint end game: Locking down your entry points

Investing in IAM: Seize the moment