Cybersecurity News, Awards, Webinars, eSummits, Research

A Biden administration March 27 executive order restricts the way federal agencies can use commercial spyware, such as the NSO Group’s Pegasus spyware. (Photo by MENAHEM KAHANA/AFP via Getty Images)

Biden order puts new guardrails around government purchase, use of commercial spyware

Derek B. JohnsonMarch 27, 2023

Executive order bans U.S. agencies from purchasing or using certain commercial spyware programs, but exceptions for spyware testing and research are built in.

WHITEPAPER

The Automated Phishing Identification & Response Buyer’s Guide

PODCASTS

RESOURCES

FEATURED

Entries are open for the SC Awards, honoring cybersecurity companies, people and products. (Stock/Getty Images)

Calling all cyber companies: SC Awards entry period is open

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Email security

Fraudsters using BEC tactics to target tech vendors, other industries

Stephen WeigandMarch 27, 2023

The FBI is warning that criminals are using business email compromise (BEC) tactics to target vendors in a variety of industries, including computer hardware vendors, to obtain their products without paying.

Dish Network suffers massive multi-day outage

Ransomware

Dish customers struggle with service disruptions weeks after ransomware attack

Menghan XiaoMarch 24, 2023

Customers complain that they are still having payment issues and are not able to contact customer service weeks after Dish Network suffered a ransomware attack.

A man holds a smartphone with checkout icons floating around

Vulnerability management

Patch released for critical vulnerability in WooCommerce Payments plug-in

Steve ZurierMarch 24, 2023

WooCommerce Payments runs on more than 220,000 websites, so security teams that use the platform need to patch immediately or risk unauthenticated administrative takeover of their websites.

Cloud security

New CISA tools support detection of malicious activity in Microsoft Azure

Jessica DavisMarch 24, 2023

CISA’s Untitled Goose Tool aims to support network defenders with finding and detecting malicious activity in Microsoft Azure, Active Directory, and Microsoft 365 environments.

Identity and access

Post-exploitation attack method exposes Okta passwords

Stephen WeigandMarch 24, 2023

New research reveals a potential post-exploitation attack method in Okta that enables adversaries to read users’ passwords in Okta audit logs.

Closeup of the homepage of the CISA website.

Critical infrastructure

House Homeland leaders don’t want CISA’s reach to exceed its grasp

Derek B. JohnsonMarch 23, 2023

The top officials on the House Homeland Security's cyber subcommittee expressed concern that the agency's responsibility and funding may be outpacing it's maturity and staffing needs.

Online healthcare app on smartphone screen.

Application security

Health apps on notice: FTC signals more privacy enforcement actions ahead

Jessica DavisMarch 23, 2023

Digital app developers and other companies maintaining consumer data, including health information, should review current privacy practices as the FTC cracks down on violations.

Biden order puts new guardrails around government purchase, use of commercial spyware

WHITEPAPER

The Automated Phishing Identification & Response Buyer’s Guide

PODCASTS

RESOURCES

FEATURED

Calling all cyber companies: SC Awards entry period is open

Get daily email updates

Perspectives

Three ways to keep the National Cybersecurity Strategy on track

The National Cybersecurity Strategy teaches us that collaboration must reign supreme

How Chromium unlocked tech’s hottest new category: the enterprise browser

Three reasons why security teams should start a modern SSE network security journey with zero-trust-network access

ChatGPT will empower a new generation of threat actors, putting pressure on defenders to keep up

In Brief

Toronto, others confirm impact from Clop GoAnywhere attacks

Ransomware attack disrupts Tennessee city

Health data breaches reported by Postal Prescription Services, others

Data breach still unconfirmed by iD Tech

Middle East telecom providers subjected to Chinese cyberespionage attacks

More Resources

Top ransomware controls and where MDR fits in

How to declutter DevSecOps with DAST

Deploying MDR: Quotes from the experts

How tech clutter complicates DevSecOps

Threat Hunting: Moving beyond reactive intelligence

Fraudsters using BEC tactics to target tech vendors, other industries

Dish customers struggle with service disruptions weeks after ransomware attack

Patch released for critical vulnerability in WooCommerce Payments plug-in

New CISA tools support detection of malicious activity in Microsoft Azure

Post-exploitation attack method exposes Okta passwords

House Homeland leaders don’t want CISA’s reach to exceed its grasp

Health apps on notice: FTC signals more privacy enforcement actions ahead

EVENTS

The War on Ransomware: Lives and livelihoods on the line

Practical advice for protecting your digital supply chain: A realistic top 5 list

Reducing risk with user access review automation

IAM: Tales from the cutting edge, for the watch-and-learn crowd

Passwordless security: Where things stand, and What’s next?