(Adobe Stock)

FBot hacking tool targets major cloud services

Steve ZurierJanuary 12, 2024

While a concern, security pros say by enabling multi-factor authentication and focusing on core cloud security best practices, teams can handle the challenge FBot presents.

2023 Cybersecurity Year in Review: How AI, Cloud, Ransomware and the SEC raised security stakes

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Vulnerability Management

GitLab vulnerability risks account takeover via simple password reset

Laura FrenchJanuary 12, 2024

No user interaction is required for takeover; GitLab CE and EE users should patch immediately.

Network cables attached to network patch panel in datacenter

Cloud Security

Two zero-days in Ivanti products actively exploited by threat actor

Stephen WeigandJanuary 12, 2024

Two vulnerabilities in Ivanti Connect Secure VPN devices can be chained together by a threat actor to craft malicious requests and execute arbitrary commands on the system.

Phishing

Mandiant X/Twitter hacker linked to $900K cryptocurrency phishing scheme

Laura FrenchJanuary 11, 2024

The cybersecurity company, a Google subsidiary, said a 2FA policy change on X helped enable the “brute force” attack.

Cloud Security

Cloud 2024: SaaS nightmares, API security boom and the impending cloud ‘identity crisis’

Stephen WeigandJanuary 11, 2024

"In 2024, SaaS applications will present the next biggest attack surface that organizations have not yet addressed," says Adam Gavish, CEO and co-founder, DoControl.

Ransomware

Fidelity National Financial confirms data of 1.3 million customers exposed in cyberattack

Steve ZurierJanuary 11, 2024

Large mortgage company did not use the word “ransomware” in its 8K filing, but security experts say the evidence points to a likely ransomware attack.

Top view of black keyboard and handcuffs - cyber crime concept

Privacy

Prolific ShinyHunters hacker jailed, ordered to repay $5 million

Simon HenderyJanuary 11, 2024

French citizen was part of a gang that stole and sold hundreds of millions of records in 2020 and 2021 from over 60 companies.

Identity

SEC X/Twitter account hack: How 2FA could have stopped SIM swap scam

Laura FrenchJanuary 10, 2024

Hijacked SEC account used to falsely announce Bitcoin ETF approval: everything you need to know.

Patch/Configuration Management

Microsoft fixes 48 bugs in January Patch Tuesday, none of them zero-days

Steve ZurierJanuary 10, 2024

Security pros noted that the first Patch Tuesday of 2024 was the second consecutive release by Microsoft with no zero-days.

FBot hacking tool targets major cloud services

2023 Cybersecurity Year in Review: How AI, Cloud, Ransomware and the SEC raised security stakes

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

Perspectives

Here’s how to get proactive about complying with the SEC’s cybersecurity rules

My AI-generated voice is my (scammers) password: Now what?

Get going and start a zero-trust program in 2024

Five ways to develop better, safer apps

Four ethical and technical considerations for deploying biometrics

In Brief

Updated Atomic Stealer malware emerges

Thousands of WordPress sites impacted by Balada Injector campaign

US, others potentially targeted by new Volt Typhoon attacks exploiting Cisco router bugs

Relaxed federal cyber contracting job requirements pushed to bolster workforce

CISA: Attacks exploiting Microsoft SharePoint flaw underway

More Resources

What happens when ransomware-as-a-service meets context-sensitive endpoint security

Devices (and ransomware) are everywhere: How endpoint security must adapt

Cloud security acronyms decoded

Third-party apps and other privacy threats that raged in 2023

Context-sensitive endpoint defense: What it is, how it can stop ransomware

GitLab vulnerability risks account takeover via simple password reset

Two zero-days in Ivanti products actively exploited by threat actor

Mandiant X/Twitter hacker linked to $900K cryptocurrency phishing scheme

Cloud 2024: SaaS nightmares, API security boom and the impending cloud ‘identity crisis’

Fidelity National Financial confirms data of 1.3 million customers exposed in cyberattack

Prolific ShinyHunters hacker jailed, ordered to repay $5 million

SEC X/Twitter account hack: How 2FA could have stopped SIM swap scam

Microsoft fixes 48 bugs in January Patch Tuesday, none of them zero-days

EVENTS

How CISOs Adjust Security to the SaaS Transformation

Navigating the zero trust landscape: Lessons from the trenches

New Encrypted Attack Insights: Findings from the Latest Zscaler Report

Attack Prevention Priorities for 2024: Single point failure, AI, supply chain

A CISO’s Guide to Harnessing the Power and Managing the Risks of Artificial Intelligence (AI)

Cybersecurity News, Awards, Webinars, eSummits, Research

FBot hacking tool targets major cloud services

2023 Cybersecurity Year in Review: How AI, Cloud, Ransomware and the SEC raised security stakes

PODCASTS

RESOURCES

FEATURED

Congratulations to our 2023 SC Media Women in IT Security honorees

Get daily email updates

Perspectives

Here’s how to get proactive about complying with the SEC’s cybersecurity rules

My AI-generated voice is my (scammers) password: Now what?

Get going and start a zero-trust program in 2024

Five ways to develop better, safer apps

Four ethical and technical considerations for deploying biometrics

In Brief

Updated Atomic Stealer malware emerges

Thousands of WordPress sites impacted by Balada Injector campaign

US, others potentially targeted by new Volt Typhoon attacks exploiting Cisco router bugs

Relaxed federal cyber contracting job requirements pushed to bolster workforce

CISA: Attacks exploiting Microsoft SharePoint flaw underway

More Resources

What happens when ransomware-as-a-service meets context-sensitive endpoint security

Devices (and ransomware) are everywhere: How endpoint security must adapt

Cloud security acronyms decoded

Third-party apps and other privacy threats that raged in 2023

Context-sensitive endpoint defense: What it is, how it can stop ransomware

GitLab vulnerability risks account takeover via simple password reset

Two zero-days in Ivanti products actively exploited by threat actor

Mandiant X/Twitter hacker linked to $900K cryptocurrency phishing scheme

Cloud 2024: SaaS nightmares, API security boom and the impending cloud ‘identity crisis’

Fidelity National Financial confirms data of 1.3 million customers exposed in cyberattack

Prolific ShinyHunters hacker jailed, ordered to repay $5 million

SEC X/Twitter account hack: How 2FA could have stopped SIM swap scam

Microsoft fixes 48 bugs in January Patch Tuesday, none of them zero-days

EVENTS

How CISOs Adjust Security to the SaaS Transformation

Navigating the zero trust landscape: Lessons from the trenches

New Encrypted Attack Insights: Findings from the Latest Zscaler Report

Attack Prevention Priorities for 2024: Single point failure, AI, supply chain

A CISO’s Guide to Harnessing the Power and Managing the Risks of Artificial Intelligence (AI)