RansomwareRansomware on track for record profits, even as fewer victims payLaura FrenchAugust 20, 2024A mid-year report found ransom payment prices have increased drastically among big game hunters.
Vulnerability ManagementIran election meddling brings call to action in USShaun NicholsAugust 20, 2024Government officials in the U.S. are sounding the alarm over new reports of election meddling by Iran.
Cloud SecurityTLS bootstrap attack gains access to Azure Kubernetes Services clusterSteve ZurierAugust 20, 2024While Microsoft has patched the issue, security pros warn that teams need to audit their AKS clusters.
Network SecurityTP-Link finds itself in congressional crosshairs over ties to ChinaShaun NicholsAugust 19, 2024Networking vendor TP-Link has found itself under scrutiny from Congress over its links to the Chinese government.
Vulnerability ManagementCritical Jenkins vulnerability added to CISA’s known vulnerabilities catalogLaura FrenchAugust 19, 2024The RCE vulnerability was leveraged in ransomware attacks targeting Indian banks.
Application securityBugs in Microsoft apps for macOS could give privileges to attackersSteve ZurierAugust 19, 2024Security pros say the flaws in six apps for macOS could let attackers take over cameras, microphones and screen recordings.
AI/MLChanges to controversial California AI safety bill fail to satisfy criticsLaura FrenchAugust 16, 2024Critics said the bill, meant to prevent mass AI-related casualties and cyberattacks, will crush AI open-source and innovation.
Vulnerability ManagementSolarWinds patches critical RCE vulnerability in its Web Help DeskShaun NicholsAugust 16, 2024Administrators ready to take an early weekend have been served with what might be the scariest three words in IT: Critical SolarWinds Vulnerability.
IdentityMicrosoft Entra ID bug lets attackers impersonate any synched userSteve ZurierAugust 16, 2024Security pros say the Entra ID flaw could let attackers impersonate a user with Global Admin privileges, even the CEO.
Application securityGoogle Pixel phones embedded with insecure 3rd-party APK, researchers sayLaura FrenchAugust 15, 2024Google says it will remove the package in a firmware update after reports that it has excessive privileges and contains vulnerabilities.
The CISO Top 10: Your guide to navigating the biggest cybersecurity challengesBill BrennerAugust 19, 2024