Vulnerabilities in third-party software used by open source content management platform Drupal.org allowed attackers access to information on nearly one million accounts. The data included hashed passwords, but not financial information.

Third-party breaches persist: What you need to know

Shaun NicholsAugust 1, 2024

Third-party access to data remains a serious security concern for enterprise IT executives.

RESOURCES

PODCASTS

FEATURED

News Spotlight: CrowdStrike Outage

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Critical Infrastructure Security

Ukraine steps up cyberwar with DDoS on Russian banks

Shaun NicholsAugust 2, 2024

Officials in Ukraine say they have concluded a week-long attack intended to hinder the financial system in Russia.

Ransomware

Rhysida auctions Columbus data after city halts ransomware encryption

Laura FrenchAugust 2, 2024

The ransomware gang claims to have 6.5 TB of data on city employees and emergency services.

Application security

Attackers exploit StackExchange to load malicious packages to PyPI

Steve ZurierAugust 2, 2024

Checkmarx researchers say the infostealer malware exfiltrated sensitive data and drained the crypto wallets of developers.

AI/ML

AI-generated emails make up 40% of BEC lures, security firm says

Laura FrenchAugust 1, 2024

GenAI’s role in phishing and scams continues to raise concerns as overall spam volume rises.

Google Authenticator app on an Ipad. Google Authenticator is a software-based authenticator by Google.

Application security

Fake Google Authenticator ads lure users to download malware on GitHub

Steve ZurierAugust 1, 2024

Security pros caution users to download apps only from official app stores and websites.

Ransomware

There will (not) be blood: OneBlood hit by ransomware attack

Shaun NicholsJuly 31, 2024

OneBlood said it is struggling to get its IT network back online following a ransomware attack.

AI/ML

Meta’s PromptGuard model bypassed by simple jailbreak, researchers say

Laura FrenchJuly 31, 2024

Removing punctuation and spacing out characters had a 99.8% jailbreak success rate.

Black Hat

Black Hat USA 2024, BSidesLV and DEF CON 32: Your Hacker Summer Camp guide

SC StaffJuly 31, 2024

SC Media previews next week’s trifecta of cybersecurity conferences and offers a cheat sheet on what to expect and best bets to attend.

Third-party breaches persist: What you need to know

RESOURCES

PODCASTS

FEATURED

News Spotlight: CrowdStrike Outage

Get daily email updates

Perspectives

Three ways to prepare for the upcoming CIRCIA cyberattack disclosure law

What TikTok’s owner ByteDance can learn from Kaspersky’s white flag

Text-based 2FA is overprescribed

Lessons from FrostyGoop: A wake-up call for municipal cybersecurity

Microsoft’s blame of EU regs for the CrowdStrike outage doesn’t make sense

In Brief

Inaugural Defense Department cyber policy head receives Senate nod

Russian hackers part of US-Russia prisoner swap

US, others commit to address data, privacy risks of connected cars

Massive CrowdStrike outage prompts class action

GAO: Immediate EPA action in boosting water, wastewater sector cybersecurity needed

More Resources

Identity resilience: What it is and how to achieve it

Ransomware targeting FinServ: What you need to know

Five ways to boost identity intelligence to enhance visibility and decision-making

The cybersecurity skills gap and breaches

Why OT has become a hot target for cyber criminals

Ukraine steps up cyberwar with DDoS on Russian banks

Rhysida auctions Columbus data after city halts ransomware encryption

Attackers exploit StackExchange to load malicious packages to PyPI

AI-generated emails make up 40% of BEC lures, security firm says

Fake Google Authenticator ads lure users to download malware on GitHub

There will (not) be blood: OneBlood hit by ransomware attack

Meta’s PromptGuard model bypassed by simple jailbreak, researchers say

Black Hat USA 2024, BSidesLV and DEF CON 32: Your Hacker Summer Camp guide

EVENTS

CISO Perspectives to Improve/Optimize Vulnerability Management

Exposure Management: How organizations can build cyber resilience

Key cloud security priorities for the second half of 2024

Your Approach to Incident Response for the Cloud Isn’t Good Enough: How to Make it Better

Preventing Ransomware: Key Trends and Guidance for the Second Half of 2024 and Early 2025

Cybersecurity News, Awards, Webinars, eSummits, Research

Third-party breaches persist: What you need to know

RESOURCES

PODCASTS

FEATURED

News Spotlight: CrowdStrike Outage

Get daily email updates

Perspectives

Three ways to prepare for the upcoming CIRCIA cyberattack disclosure law

What TikTok’s owner ByteDance can learn from Kaspersky’s white flag

Text-based 2FA is overprescribed

Lessons from FrostyGoop: A wake-up call for municipal cybersecurity

Microsoft’s blame of EU regs for the CrowdStrike outage doesn’t make sense

In Brief

Inaugural Defense Department cyber policy head receives Senate nod

Russian hackers part of US-Russia prisoner swap

US, others commit to address data, privacy risks of connected cars

Massive CrowdStrike outage prompts class action

GAO: Immediate EPA action in boosting water, wastewater sector cybersecurity needed

More Resources

Identity resilience: What it is and how to achieve it

Ransomware targeting FinServ: What you need to know

Five ways to boost identity intelligence to enhance visibility and decision-making

The cybersecurity skills gap and breaches

Why OT has become a hot target for cyber criminals

Ukraine steps up cyberwar with DDoS on Russian banks

Rhysida auctions Columbus data after city halts ransomware encryption

Attackers exploit StackExchange to load malicious packages to PyPI

AI-generated emails make up 40% of BEC lures, security firm says

Fake Google Authenticator ads lure users to download malware on GitHub

There will (not) be blood: OneBlood hit by ransomware attack

Meta’s PromptGuard model bypassed by simple jailbreak, researchers say

Black Hat USA 2024, BSidesLV and DEF CON 32: Your Hacker Summer Camp guide

EVENTS

CISO Perspectives to Improve/Optimize Vulnerability Management

Exposure Management: How organizations can build cyber resilience

Key cloud security priorities for the second half of 2024

Your Approach to Incident Response for the Cloud Isn’t Good Enough: How to Make it Better

Preventing Ransomware: Key Trends and Guidance for the Second Half of 2024 and Early 2025