- — Multiple Governments Buying Android Zero-Days for Spying: Google
- An analysis from Google TAG shows that Android zero-day exploits were packaged and sold for state-backed surveillance.
- — QuSecure Carves Out Space in Quantum Cryptography With Its Vision of a Post-RSA World
- NIST may be on the brink of revealing which post-quantum computing encryption algorithms it is endorsing, solidifying commercial developments like QuProtect.
- — Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems
- The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.
- — Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT
- Analysts have seen a massive spike in malicious activity by the XorDdos trojan in the last six months, against Linux cloud and IoT infrastructures .
- — Why the Employee Experience Is Cyber Resilience
- A culture of trust, combined with tools designed around EX, can work in tandem to help organizations become more resilient and secure.
- — Valeo Networks Acquires Next I.T.
- Next I.T. is the sixth and largest acquisition to date for Valeo Networks.
- — Kingston Digital Releases Touch-Screen Hardware-Encrypted External SSD for Data Protection
- IronKey Vault Privacy 80 External SSD safeguards against brute-force attacks and BadUSB with digitally-signed firmware.
- — After the Okta Breach, Diversify Your Sources of Truth
- What subsequent protections do you have in place when your first line of defense goes down?
- — Chatbot Army Deployed in Latest DHL Shipping Phish
- In a new phishing tactic, faux chatbots establish a conversation with victims to guide them to malicious links, researchers say.
- — Partial Patching Still Provides Strong Protection Against APTs
- Organizations that deploy updates only after a vulnerability is disclosed apply far fewer updates and do so at a lower cost than those that stay up to date on all of their software, university researchers say.
- — Quantum Key Distribution for a Post-Quantum World
- New versions of QKD use separate wavelengths on the same fiber, improving cost and efficiency, but distance is still a challenge.
- — Microsoft Rushes a Fix After May Patch Tuesday Breaks Authentication
- Two of Microsoft's Patch Tuesday updates need a do-over after causing certificate-based authentication errors.
- — Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap
- To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.
- — New Open Source Project Brings Consistent Identity Access to Multicloud
- Hexa and IDQL allows organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.
- — More Than 1,000 Cybersecurity Career Pursuers Complete the (ISC)² Entry-Level Cybersecurity Certification Pilot Exam
- New professional certification program establishes a pathway into the workforce for students and career changers by demonstrating their foundational knowledge, skills and abilities to employers.
- — Deadbolt Ransomware Targeting QNAP NAS Devices
- QNAP is urging customers of its NAS products to update QTS and avoid exposing the devices to the Internet.
- — Pro-Russian Information Operations Escalate in Ukraine War
- In the three months since the war started, Russian operatives and those allied with the nation's interests have unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine, security vendor says.
- — DoJ Won't Charge 'Good Faith' Security Researchers
- Revised policy means security analysts won't be charged under the Computer Fraud and Abuse Act.
- — Majority of Kubernetes API Servers Exposed to the Public Internet
- Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.
- — Dig Exits Stealth With $11M for Cloud Data Detection and Response Solution
- CrowdStrike and CyberArk invest in Dig's seed round, which was led by Team8, alongside Merlin Ventures and chairs of MongoDB and Exabeam.
- — 6 Scary Tactics Used in Mobile App Attacks
- Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.
- — MITRE Creates Framework for Supply Chain Security
- System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.
- — Google Cloud Aims to Share Its Vetted Open Source Ecosystem
- The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.
As of 5/24/22 12:17am. Last new 5/23/22 7:20pm.
- Next feed in category: Tech News World