Hackers used a fake Forcepoint extension, leveraging the Google Chrome Sync feature, to exfiltrate data and send commands to infected browsers, according to a report by a Croation security researcher writing for the SANS Institute.
Several data breaches stemming from unpatched vulnerabilities in Accellion's File Transfer Appliance have been revealed. What went wrong? Where does the fault lie? And what can organizations do about it?
With digital transformation come new applications and efficiencies in the cloud. But governance, visibility and access challenges also emerge. Hironori Yamashita of Imperva shares strategies for improving data governance and security in the cloud.
Drawing upon Imperva's own recent Cyber Threat Index findings, Reinhart Hansen, director of technology in the office of the CTO, talks about that latest application vulnerabilities and DDoS attack trends as we start 2021.
Digital innovation is the ultimate source of competitiveness and value creation for almost every type of business. The universal desire for faster innovation demands
efficient reuse of code, which in turn has led to a growing dependence on open source and thirdparty software libraries.
Download this whitepaper...
As users and applications become the risk focal point, there is no hard and fast perimeter security professionals can put a wall around. Consequently, application layers remain insufficiently secured. In fact, application layer attacks are now the most frequent pattern in confirmed breaches.
Download this guide and...
North Korean hackers have been "targeting security researchers working on vulnerability research and development at different companies and organizations" to trick them into installing backdoored software that gives attackers remote access to their systems, warns Google's Threat Analysis Group.
The SolarWinds supply chain compromise has raised questions over how to detect software that has been tainted during the vendor's development and build process. A concept called verified reproducible builds could help, says David Wheeler of the Linux Foundation.
Security vendor SonicWall is investigating what the company calls a "coordinated attack" against its internal network by threat actors using a zero-day exploit within the company's remote access products. SonicWall is urging customers to apply temporary fixes to secure VPNs and gateways.
Cloud security trends like “shift-left security” and “DevSecOps” refer to new strategies and paradigms that help organizations keep workloads secure in the age of cloud-based, scale-out, constantly changing applications and infrastructure.
Many in IT, security, and development probably understand what these...
Investigators probing the supply chain attack that hit SolarWinds say attackers successfully hacked the company's Microsoft Visual Studio development tools to add a backdoor into Orion network monitoring security software builds. They warn that other vendors may have been similarly subverted.
You can’t secure what you can’t see. In fact, gaining visibility and control over all your devices is one of the most important, yet challenging tasks for IT and security teams. The number of connected devices has exploded. At the same time, there are more diverse devices – IoT, IoMT and OT—that are sometimes...
Security researchers are warning that attackers appear to have stepped up scanning for vulnerable Zyxel products, including VPN gateways, access point controllers and firewalls. A recently disclosed vulnerability in the company's firmware can create a hard-coded backdoor.
This edition of the ISMG Security Report features an analysis of the very latest information about the SolarWinds hack. Also featured are discussions of "zero trust" for the hybrid cloud environment and data privacy regulatory trends.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.