EmeraldWhale’s Massive Git Breach Highlights Config Gaps
The large-scale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.
Booking.com Phishers May Leave You With Reservations
A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This…
Facebook Businesses Targeted in Infostealer Phishing Campaign
The threat actors deceive their victims by impersonating the legal teams of companies, well-known Web stores, and manufacturers.
Canada Grapples With ‘Second-to-None’ PRC-Backed Threat Actors
Chinese APTs lurked in Canadian government networks for five years — and that's just one among a whole host of…
New Cisco ASA and FTD features block VPN brute-force password attacks
Cisco has added new security features that significantly mitigate brute-force and password spray attacks on Cisco ASA and Firepower Threat Defense…
AWS’s Predictable Bucket Names Make Accounts Easier to Crack
Amazon's open source Cloud Development Kit generates dangerously predictable naming patterns that could lead to an account takeover.
SEC charges tech companies for downplaying SolarWinds breaches
The SEC has charged four companies—Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast—for allegedly misleading investors about the impact…
Innovator Spotlight: Concentric
Data security is more critical than ever as organizations manage vast amounts of sensitive information across cloud and on-premises environments.…
The Ugly Truth about Your Software Vendor which CISOs Won’t Want (But Do Need) to Hear
We’ve got a hard truth to share with you, and you might not like it: You are not your software…
Zero-Trust Endpoint Security
Zero-Trust Endpoint Security: How a Preventive Approach Can Limit Your Endpoint Attack Surface Endpoint security has become more critical than…