Actor Gary Oldman in a scene from the movie "Leon."

British actor Gary Oldman on the set of the film “Leon,” directed by Luc Besson. (Photo by Patrick Camboulive / Sygma via Getty Images)

NPM registry prank leaves developers unable to unpublish packages

Laura FrenchJanuary 3, 2024

Could threat actors leverage “dependency hell” to exploit open-source software repositories?

2023 Cybersecurity Year in Review: How AI, Cloud, Ransomware and the SEC raised security stakes

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Patch/Configuration Management

CISA adds Excel, Chrome flaws to its exploited vulnerabilities catalog

Steve ZurierJanuary 3, 2024

Excel flaw tied to Chinese threat group UNC4841, while Chrome vulnerability is the eighth zero-day for the popular web browser of 2023.

Cyber Security and safety information, personal data concept. Digital Padlocks on abstract technology background. 3d rendering

Ransomware

SRLabs develops Black Basta ransomware decryptor

Simon HenderyJanuary 3, 2024

Researchers discovered a flaw in the prolific ransomware gang’s encryption technique, allowing its victims to recover data to a certain extent.

Endpoint/Device Security

Qualcomm chip vulnerability enables remote attack by voice call

Laura FrenchJanuary 2, 2024

The critical bug that could lead to a remote attack via voice call is one of 26 vulnerabilities affecting hundreds of Qualcomm chipsets.

Patch/Configuration Management

Attackers chain two Google Kubernetes Engine bugs to escalate privileges

Steve ZurierJanuary 2, 2024

Security pros say threat actors leverage chaining to launch targeted attacks.

Generative AI

Biggest AI trends of 2024: According to top security experts

Stephen WeigandJanuary 2, 2024

Cybersecurity prognosticators share predictions for artificial intelligence's uses, abuses and surprising impact on businesses risks in the year ahead.

Malware

Microsoft hardens App Installer security as malware abuse continues

Simon HenderyJanuary 2, 2024

Less than a year after it re-emerged following earlier security issues, Microsoft has again taken action to limit malware distribution through its ms-appinstaller protocol for MSIX.

Breach

Crooks push holiday misery with ‘Leaksmas’ release of 50M PII records

Simon HenderyDecember 29, 2023

Hackers tag illicit data as ‘Leaksmas’, spreading misery for 50 million victims on dark web under the guise of holiday dark spirit.

Governance, Risk and Compliance

Top 5 compliance deadlines for cybersecurity pros in 2024

Laura FrenchDecember 28, 2023

From new FTC data breach reporting rules to three state privacy laws taking effect the same day, here are some key dates to remember.

NPM registry prank leaves developers unable to unpublish packages

2023 Cybersecurity Year in Review: How AI, Cloud, Ransomware and the SEC raised security stakes

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

Perspectives

Here’s how to bridge the mobile app security gap

Seven ways to tackle the ALPHV/BlackCat threat

Four ways companies can respond and more effectively comply with the SEC’s new cybersecurity rules

By caring about insider threats, CISOs show they care about their coworkers

A practical guide to measurable phishing simulation testing

In Brief

Google bolsters anti-spam efforts with end of Usenet support in Groups

Feedback sought for FCC’s proposed $200M school, library cyber program

UK nuclear waste firm thwarts cyberattack

Major hack impacts Iranian firms

Ukraine: Online cameras in Kyiv targeted by Russian espionage effort

More Resources

Third-party apps and other privacy threats that raged in 2023

Context-sensitive endpoint defense: What it is, how it can stop ransomware

Ransomware surges, despite aggressive defenses

How to use intelligence on failed ColdFusion attack to bolster your ransomware defenses

What a failed attack against ColdFusion revealed about ransomware tools and tactics

CISA adds Excel, Chrome flaws to its exploited vulnerabilities catalog

SRLabs develops Black Basta ransomware decryptor

Qualcomm chip vulnerability enables remote attack by voice call

Attackers chain two Google Kubernetes Engine bugs to escalate privileges

Biggest AI trends of 2024: According to top security experts

Microsoft hardens App Installer security as malware abuse continues

Crooks push holiday misery with ‘Leaksmas’ release of 50M PII records

Top 5 compliance deadlines for cybersecurity pros in 2024

EVENTS

Ransomware attack lessons, from MOVEit and Doubledrive to MGM/Caesars

Navigating the zero trust landscape: Lessons from the trenches

New Encrypted Attack Insights: Findings from the Latest Zscaler Report

Attack Prevention Priorities for 2024: Single point failure, AI, supply chain

A CISO’s Guide to Harnessing the Power and Managing the Risks of Artificial Intelligence (AI)

Cybersecurity News, Awards, Webinars, eSummits, Research

NPM registry prank leaves developers unable to unpublish packages

2023 Cybersecurity Year in Review: How AI, Cloud, Ransomware and the SEC raised security stakes

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

Perspectives

Here’s how to bridge the mobile app security gap

Seven ways to tackle the ALPHV/BlackCat threat

Four ways companies can respond and more effectively comply with the SEC’s new cybersecurity rules

By caring about insider threats, CISOs show they care about their coworkers

A practical guide to measurable phishing simulation testing

In Brief

Google bolsters anti-spam efforts with end of Usenet support in Groups

Feedback sought for FCC’s proposed $200M school, library cyber program

UK nuclear waste firm thwarts cyberattack

Major hack impacts Iranian firms

Ukraine: Online cameras in Kyiv targeted by Russian espionage effort

More Resources

Third-party apps and other privacy threats that raged in 2023

Context-sensitive endpoint defense: What it is, how it can stop ransomware

Ransomware surges, despite aggressive defenses

How to use intelligence on failed ColdFusion attack to bolster your ransomware defenses

What a failed attack against ColdFusion revealed about ransomware tools and tactics

CISA adds Excel, Chrome flaws to its exploited vulnerabilities catalog

SRLabs develops Black Basta ransomware decryptor

Qualcomm chip vulnerability enables remote attack by voice call

Attackers chain two Google Kubernetes Engine bugs to escalate privileges

Biggest AI trends of 2024: According to top security experts

Microsoft hardens App Installer security as malware abuse continues

Crooks push holiday misery with ‘Leaksmas’ release of 50M PII records

Top 5 compliance deadlines for cybersecurity pros in 2024

EVENTS

Ransomware attack lessons, from MOVEit and Doubledrive to MGM/Caesars

Navigating the zero trust landscape: Lessons from the trenches

New Encrypted Attack Insights: Findings from the Latest Zscaler Report

Attack Prevention Priorities for 2024: Single point failure, AI, supply chain

A CISO’s Guide to Harnessing the Power and Managing the Risks of Artificial Intelligence (AI)