
In the News

Featured

04/25/2024

5 ways Runtime Security cuts through exploding software complexity

Software complexity is exploding. Modern applications and application programming interfaces (APIs) comprise hundreds of repositories, frameworks, components, platforms, containers, services and connections. The rapidly increasing use of third-party, open-source libraries and AI-generated code is aggravating the challenge.


04/09/2024

CycloneDX v1.6 Released, Advances Software Supply Chain Security with Cryptographic Bill of Materials and Attestations

“Modern software is tremendously complex, and ensuring compliance with the dizzying array of standards is overwhelming,” said Jeff Williams, CTO of Contrast Security and the first Global Chair of OWASP. “CycloneDX Attestations (CDXA) makes ‘compliance as code’ possible with machine-readable security standards and compliance documentation, instead of endless PDFs, spreadsheets, and paper evidence. With CDXA, you can automate production of compliance evidence, streamline communication between all compliance stakeholders, facilitate discussions about substantive security issues, handle exceptions, and manage signatures. We’re hoping CDXA marks the beginning of a new era where compliance and security are not entirely different things.”


04/04/2024

Russian Hackers Target German Political Parties with Fake Dinners to Deploy WINELOADER Backdoors

State-sponsored Russian hackers are targeting German political parties with fake dinner invites to deploy malware, establish persistence, and exfiltrate data.


04/03/2024

Microsoft Online Exchange Attack Preventable: CSRB

The Microsoft Exchange Online intrusion conducted by a China-based attack group was preventable, the Cyber Safety Review Board (CSRB) said in a report.


04/02/2024

Cyber 'axis of evil' poised for more attacks on Australia, expert warns

A dangerous "axis of evil in cyberspace" is primed to launch more attacks on major Australian companies, a leading cybersecurity expert has warned, claiming the compromised networks of Medibank and Optus are just phase one in a dark master plan.


03/29/2024

Don’t Let This Happen to You: Cautionary Tales of Data Loss for World Backup Day 2024

World Backup Day is observed on March 31, serving as a reminder of the possibility or certainty of data loss from human error, system failure, or threat actors’ malicious intent. As World Backup Day 2024 approaches, read about some of the data loss horror stories members of the Spiceworks Community witnessed and how they could have been prevented.


03/28/2024

Google: Zero-day exploits increasingly target enterprise technologies

The number of zero-day vulnerabilities exploited in the wild jumped significantly in 2023, as threat actors focused their efforts on enterprise-specific software and appliances, according to new research.


03/28/2024

US Puts Up $10M Bounty on BlackCat Ransomware Gang Members

Feds are offering cash for information to help them crack down on the ransomware-as-a-service group's cyberattacks against US critical infrastructure.


03/26/2024

Top 10 Application Security Companies in 2024

Application security (AppSec) in 2024 is expected to see some key trends driven by the evolving threat landscape and the increasing adoption of cloud-native technologies.

Here’s a glimpse into what you can expect.


03/26/2024

UK and US Blame China’s State-Sponsored Hackers for Parliament Cyber Espionage, Cyber Attacks on Energy Industry

A known state-sponsored hacking group from China has been sanctioned by the US Treasury Department for a campaign of cyber attacks over the past decade, and has been named by the UK’s National Cyber Security Centre (NCSC) as the culprit in a 2021 cyber espionage campaign against parliamentarians.

03/25/2024

China-Linked APT Sanctioned By U.S.

China-based attack groups continue to target United States critical infrastructure, and on Monday the U.S. took a step toward fighting back.


03/21/2024

Memory-safe languages and security by design: Key insights, lessons learned

Memory safety is one of the most stubborn and dangerous software weaknesses. Here are key insights and takeaways from a new Google report on the issue.

03/14/2024

Russia-Based SolarWinds Hackers are Actively Targeting Microsoft

The November 2023 cyberattack on Microsoft that compromised corporate email accounts isn’t over yet. Microsoft recently disclosed that the Russia-based cybercriminal group Midnight Blizzard obtained information that can be disconcerting to customers. Redmond said the Russian hackers are using the information they previously exfiltrated to compromise the company again.

