Citing national security concerns, the U.S. Commerce Department has placed seven Chinese supercomputer organizations on the Entity List, which effectively bars them from receiving supplies or components from U.S. companies.
The increasing reliance on collaboration tools such as Slack and Discord to support those working remotely during the COVID-19 pandemic has opened up new ways for fraudsters and cybercriminals to bypass security tools and deliver malware, Cisco Talos reports.
Due to the impact of COVID-19, 2020 will be widely regarded as the year that work moved home. In reality, it was the year work moved to the cloud and everywhere in between. As a result, endpoint management and endpoint security are now the cornerstones of effective protection and the foundation for the next generation...
Researchers have uncovered nine critical vulnerabilities in Rockwell Automation's FactoryTalk AssetCentre product, which, if exploited, potentially could enable attackers to control an OT network. An updated version of the product mitigates the flaws.
Attackers are targeting unpatched SAP applications, and the exploits could lead to the hijacking of the vulnerable systems, data theft and ransomware attacks, SAP and Onapsis Research Labs report. They note that patches for most of the flaws have been available for several years.
The revelation that 533 million previously stolen Facebook account records have been made public on a darknet forum should inspire organizations to take aggressive action to further protect customer data security, some security experts say.
Four editors at Information Security Media Group discuss important cybersecurity issues, including dealing with attacks targeting the aging Accellion File Transfer appliance and taking steps to enhance employee authentication.
Customers of Indian payments platform MobiKwik appear to have gotten a lucky break: A listing for 8.2TB of stolen data pertaining to 99 million customers was withdrawn by a cybercrime forum seller, supposedly because of the public risk posed. MobiKwik continues to deny that it was breached. Who's to be believed?
Although SolarWinds has released a second round of patches for flaws in its Orion network monitoring platform that was targeted in a supply chain attack, some security experts say organizations need to go far beyond patching to manage the risks involved.
The zero-day attacks against Accellion's File Transfer Appliance show that a number of big-name firms continued to use the legacy technology - even though more secure, cloud-based options were available. Evidently, many CISOs didn't see a compelling reason to move on. Of course, now they do.
The "zero trust" model is outdated in today's cloud environment, says Ian Thornton-Trump, CISO at Cyjax, a threat intelligence company, who recommends the use of segmentation and monitoring for anomalous behavior instead.