Cybersecurity News, Awards, Webinars, eSummits, Research

In a research report published today by Mandiant, the Google-owned threat intelligence firm identified over 500 distinct victims the KillNet collective has allegedly targeted with DDoS attacks between January 1 and June 20. (Image Credit: Funtap via Getty Images)

Anonymous Sudan DDoS strikes dominate attacks by KillNet collective

Simon HenderyJuly 20, 2023

Mandiant researchers say Anonymous Sudan has taken over as the most prolific affiliate of KillNet, a collective of Russia-aligned ‘hacktivist’ groups, carrying out the majority of the group's DDoS attacks in recent months.

WHITEPAPER

Vulnerability management: A maelstrom of moving targets

PODCASTS

RESOURCES

FEATURED

2023 Women in IT Security: Call for nominations

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Application security

Most financial and insurance firms report security issues in production APIs

Steve ZurierJuly 19, 2023

Salt Security study says 17% of financial services and insurance companies experienced an API-related breach, and nearly 70% had rollout delays due to API security issues.

Critical infrastructure

Microsoft backtracks: Premium security logging is now free

Derek B. JohnsonJuly 19, 2023

Standard license holders will get access to more than 30 types of logging previously available to higher paying customers, and all logs will be stored for twice as long, 180 days, by default.

FEDERAL COMMUNICATIONS COMMISSION US CYBERSECURITY LABELING PROGRAM FOR SMART DEVICES

Device Security

FCC launches ‘U.S. Cyber Trust Mark’ labeling for IoT devices

Stephen WeigandJuly 19, 2023

At a White House press event, the FCC said it wants to help consumers purchase smart devices that are less vulnerable to cyberattacks.

Ransomware

FIN8 retools backdoor malware to avoid detection

Simon HenderyJuly 19, 2023

The long-established APT has developed a stealthy new variant of the Sardonic malware as it pivots from PoS attacks to ransomware.

The continued stream of newly disclosed companies impacted by the MOVEit HACK every day has many security experts asking where the bottom is, and when Cl0p may finally exhaust its pool of companies to extort. (Image Credit: Natalia Shabasheva via Getty Images)

Vulnerability management

The tail of the MOVEit hack may be longer than we realize

Derek B. JohnsonJuly 18, 2023

A significant minority of victims disclosed thus far do not appear to be direct users of MOVEit Transfer and had their data stolen via a third-party provider.

Vulnerability management

Patch Adobe ColdFusion zero-days, CISA urges security teams

Steve ZurierJuly 18, 2023

Security pros say Adobe’s most recent advisory covers the patches for all the most recent vulnerabilities discovered in the ColdFusion web development platform.

Identity and access

Mass attack on WordPress sites targets bug in WooCommerce plugin

Simon HenderyJuly 18, 2023

The ongoing campaign is exploiting a now-patched vulnerability in the popular ecommerce plugin that can give hackers admin access to websites.

Anonymous Sudan DDoS strikes dominate attacks by KillNet collective

WHITEPAPER

Vulnerability management: A maelstrom of moving targets

PODCASTS

RESOURCES

FEATURED

2023 Women in IT Security: Call for nominations

Get daily email updates

Perspectives

‘Last-Generation Firewalls’ fall short for the cloud

Why company executives should not post their home addresses online

Five hopes and fears every CISO has for AI

Lessons to learn from last week’s email breach on federal agencies by a Chinese APT group

Eight steps organizations can take after news of a state-sponsored cyberattack

In Brief

Supply chain attacks possible with Google Cloud Build vulnerability

HHS urged to bolster protection of health records

US adds spyware developers Intellexa, Cytrox to blacklist

Cyberattack disrupts TOMRA

Imagine360, others impacted by separate third-party data breaches

More Resources

Browser security is not created equally

MDR use cases: How to tune MDR to the specialized needs of the industry where it is deployed

MDR use cases: Achieving detection and response with lower costs and higher productivity

Cybersecurity experts share their top vulnerability management challenges in 2023

5 best practices for effective vulnerability management

Most financial and insurance firms report security issues in production APIs

Microsoft backtracks: Premium security logging is now free

FCC launches ‘U.S. Cyber Trust Mark’ labeling for IoT devices

FIN8 retools backdoor malware to avoid detection

The tail of the MOVEit hack may be longer than we realize

Patch Adobe ColdFusion zero-days, CISA urges security teams

Mass attack on WordPress sites targets bug in WooCommerce plugin

EVENTS

Ransomware attackers vs. defenders: The never-ending game of one-upmanship

A day in the life of an MDR analyst: How we saved a firewall provider from disaster

Threat intelligence: Be informed & banish ignorance

Cyber risk is business risk: Walking the intersecting lines

The endpoint end game: Locking down your entry points