Qualys has confirmed that its Accellion File Transfer Appliance software was breached by zero-day-wielding attackers after stolen customer data appeared on the Clop ransomware gang's data leaks site. The security firm's public breach notification comes more than two months after the firm first learned it had been...
The security firm Okta shook up the identity and access management market Wednesday by announcing a $6.5 billion deal to acquire the customer IAM technology supplier Auth0. Two other cybersecurity M&A deals were also announced this week.
New authentication models, including dynamic authorization and continuous authentication, that work well for consumers can be adopted for employees as well, says Thomas Malta, head of identity and access management at the Virginia-based Navy Federal Credit Union.
Microsoft issued emergency software patches on Tuesday for four zero-day vulnerabilities in its Exchange email server. The alarming vulnerabilities could allow a remote attacker into Exchange and possibly enable further lateral movement.
In this era of "work from anywhere," identity and access management solutions are challenged more than ever. What are the strategies and solutions recommended by top CEOs and CISOs in the cybersecurity sector? An expert panel weighs in.
Ticketcounter, a Dutch e-ticketing platform, says a user database containing personal data on 1.9 million individuals was stolen from an unsecured staging server.
Using a nearly 20-year-old file transfer product - what could go wrong? Among the many lessons to be learned from the Accellion File Transfer Appliance mess is this: Attackers will devote substantial resources to reverse-engineer hardware, software or a service if there's a financial upside.
State-sponsored groups in China appear to be targeting India’s power supply by dropping malware into systems, according to online digital threat analysis company Recorded Future. The Indian government says it has taken steps to mitigate the risks.
Jamil Farshchi has been there. As CISO of Equifax, he knows what it’s like to be a victim of a high-profile cyberattack. And he knows breached companies have a choice: "Are they going to be a force for good by helping the rest of the industry learn from their experience?"
Prolific Ryuk ransomware has a new trick up its sleeve. "A Ryuk sample with worm-like capabilities - allowing it to spread automatically within networks it infects" was recently discovered during an incident response effort, warns CERT-FR, the French government's computer emergency response team.
The U.S. National Security Agency has issued "zero trust" guidance aimed at securing critical networks and sensitive data within key federal agencies. The NSA adds it is also assisting Defense Department customers with the zero trust implementations.
A pair of U.S. House committees held their first public hearings into the SolarWinds attack, with lawmakers and witnesses offering support for expanding federal cybersecurity laws to address the security failures. This includes a larger role for CISA to conduct threat hunting.
Ransomware continues to sting numerous organizations, and the problem only seems to be getting worse. More than ever, the onus is on potential victims to ensure they have essential defenses in place - and if possible, to proactively hunt for attackers who may already be inside their network.
Microsoft is making available the CodeQL queries it used to detect malicious implants in the massive supply chain attack that affected SolarWinds, tech firms and government agencies.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.eu, you agree to our use of cookies.