Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
Microsoft-owned GitHub is again flagging major security problems in the npm registry, warning that a pair of newly discovered vulnerabilities continue to expose the soft underbelly of the open-source software supply chain. read more Source: Security Week
Continue ReadingWhen FireEye (now Mandiant) disclosed the SolarWinds breach in December 2020, the security world was forced to accept the reality that given the motivation, time and resources, an advanced attacker can breach any organization. And if the breached organization is part of an important supply chain, the potential damage could be devastating. read more Source: […]
Continue ReadingEndpoint security platform Kolide on Thursday announced that it has raised $17 million in Series B funding, for a total of $27 million raised to date. read more Source: Security Week
Continue ReadingThe cybercrime underground’s adoption of Cobalt Strike correlates with the rise in ransomware activity over the past few years. Cobalt Strike is a commercial tool used by legitimate penetration testers. However, many open source reports show the suite also is used by state-sponsored actors and cybercriminals. The Intel 471 Malware Intelligence Team has found Cobalt […]
Continue ReadingStudying for the CCSP exam? The CCSP practice quiz is a great (FREE) study tool that allows you to quickly identify any knowledge gaps you might have in each domain. Your quiz results will allow you to refine your study strategy, so you can show up on test day ready to take the CCSP exam […]
Continue ReadingA recent Authentication Security Strategy survey by Enzoic and Redmond magazine revealed insights into the way that passwords are currently being used in various organizations, and what the future looks like regarding this ubiquitous authentication method. Read this research report to see: How much longer organizations expect to use passwords Attitudes toward password expirations Awareness […]
Continue ReadingThe Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that ransomware actors are deliberately launching attacks during the holidays and weekends. read more Source: Security Week
Continue ReadingMITRE ATT&CK has become the go-to framework in understanding and visualizing cyber threats and risk. Today its application in identifying the effectiveness of security technologies and processes is widespread, but there are also huge potential advantages in mapping the skills of security teams with threat actor tactics and techniques in MITRE ATT&CK. Download the eBook […]
Continue ReadingYour executives don’t care about security – they care about risk! Join to hear the latest research from a guest speaker, Sandy Carielli, Principal Forrester Analyst, on the role of the security team in building secure products. This will be followed by a roundtable discussion about how to build a risk-based application security program. Speakers: […]
Continue ReadingSecurity researchers at Citizen Lab are documenting a new Apple iOS zero-click exploit being used to hijack data from fully patched iPhones in Bahrain. Citizen Lab said it found technical evidence connecting the new exploit to the Pegasus high-end spyware tool sold by controversial Israeli software vendor NSO Group. read more Source: Security Week
Continue Reading