Cybersecurity News, Awards, Webinars, eSummits, Research

Critical authentication bypass found in Arcserve backup system

Steve ZurierJune 29, 2023

Researchers say unpatched, bug could compromise admin accounts and take over vulnerable backup systems.

WHITEPAPER

Vulnerability management: A maelstrom of moving targets

PODCASTS

RESOURCES

FEATURED

2023 Women in IT Security: Call for nominations

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Hackers from the Cl0p extortion group have consistently targeted file transfer software, and experts worry their latest success could breed copycats in the ransomware world. (Image Credit: Sean Gladwell via Getty Images)

Third-party risk

MOVEit hackers may have found simpler business model beyond ransomware

Paul EliasJune 29, 2023

It's the third time the Cl0p extortion group has targeted a piece of file-transfer software to steal data from their customers, but security experts collecting data on the fallout say the MOVEit hack is likely to dwarf the impact of previous campaigns.

An attack chain presented at a German security conference could affect all enterprise software solutions running on top of SAP AS ABAP platform technology. (Image Credit: maxkabakov via Getty Images)

Security awareness

Researcher outlines known RFC vulnerabilities in SAP software that lead to unauthenticated remote code execution

Simon HenderyJune 29, 2023

In a paper presented at a European cyber security conference today, Fabian Hagg outlined research that chained together server-to-server communications bugs and design flaws discovered in SAP NetWeaver Application Server ABAP (AS ABAP) and ABAP Platform.

Policy

White House uses budget hammer to spur better cybersecurity in 2025 and beyond

Derek B. JohnsonJune 28, 2023

Memo outlines how Feds are encouraging agencies to future-proof cybersecurity efforts to improve software, hardware and workforce that will be better equipped to thwart tomorrow's cyberattacks and protect critical infrastructure.

Critical infrastructure

Hundreds of federal network devices fail new CISA security requirements

Simon HenderyJune 28, 2023

An attack surface analysis of more than 50 civilian agencies found widespread noncompliance with a recent Binding Operational Directive.

Microsoft responds to reports of MS Teams outage

Business continuity

Microsoft Teams hit by widespread outage

Steve ZurierJune 28, 2023

Microsoft responds to reports of glitches with the MS Teams web browser, but users report other issues accessing Teams on desktop clients and Macs.

Malware

SMBs plagued by exploits, trojans and backdoors

Steve ZurierJune 27, 2023

Security researchers say small companies prone to social engineering attacks.

Signage and people along Bruin Walk East, on the UCLA Campus in Los Angeles, CA, Wednesday, May 17, 2023. The University confirmed Tuesday that they were victims in the MOVEit hack disclosed in May. (Jay L. Clendenin / Los Angeles Times via Getty Images)

Business continuity

Siemens Energy, UCLA latest confirmed victims in MOVEit hack

Derek B. JohnsonJune 27, 2023

Representatives from Siemens Energy and UCLA told SC Media they were swept up in the massive hack that has hit dozens of known victims so far, while Schneider Electric said it was investigating the claims from the Cl0p ransomware and extortion group.

Critical authentication bypass found in Arcserve backup system

WHITEPAPER

Vulnerability management: A maelstrom of moving targets

PODCASTS

RESOURCES

FEATURED

2023 Women in IT Security: Call for nominations

Get daily email updates

Perspectives

Make security by design mainstream: this time around

There’s no need for providers to ban ChatGPT use in healthcare

Mitigate the potential risks of generative AI with these five tips

Can ‘good’ AI defeat ‘bad’ AI?

Five ways to get the board to think more seriously about OT security

In Brief

Double extortion attacks by 8Base ransomware ramp up

Fully exploited mobile devices spike

RCE attacks possible with Gentoo Soko SQL flaws

Growing cyber threats faced by submarine cables

California school district confirms data breach

More Resources

5 best practices for effective vulnerability management

MDR use cases: Speeding up the time from intrusion to detection and response

The OWASP API Security Top 10: What’s new for 2023

What is the OWASP API Security Top 10?

AI, threat intelligence and CISO-vendor partnerships: The Seattle CyberRisk Leadership Exchange

MOVEit hackers may have found simpler business model beyond ransomware

Researcher outlines known RFC vulnerabilities in SAP software that lead to unauthenticated remote code execution

White House uses budget hammer to spur better cybersecurity in 2025 and beyond

Hundreds of federal network devices fail new CISA security requirements

Microsoft Teams hit by widespread outage

SMBs plagued by exploits, trojans and backdoors

Siemens Energy, UCLA latest confirmed victims in MOVEit hack

EVENTS

Ransomware attackers vs. defenders: The never-ending game of one-upmanship

Threat intelligence: Be informed & banish ignorance

The endpoint end game: Locking down your entry points

Investing in IAM: Seize the moment

Perfecting the third-party lifecycle: Conquering risk in every phase