Microsoft addressed vulnerabilities in a dozen of its software products in its Patch Tuesday update for May. And while none of the flaws are currently being exploited, several of the most critical flaws require immediate attention, the company says.
In the current work-at-home environment, keeping the workforce educated about critical cybersecurity practices requires "short, sharp bursts of education" that offer compelling messages, says Vicki Gavin, a former CISO who now serves as a cyber education consultant.
Enterprises are approaching customer identity and access management from multiple angles, and maturity is growing. These are takeaways from a recent roundtable discussion of CIAM myths and realities. Keith Casey of Okta discusses this event and his vision of CIAM.
There are three distinct scenarios for how the COVID-19 virus might spread over the next 18 to 24 months, says pandemic expert Regina Phelps. None is pleasant, but one may exact a smaller economic and human toll. And our next moves might determine which scenario unfolds.
The operators behind the Zeus Sphinx malware have added new features and functionality to the Trojan, and more cybercriminals have deployed it within phishing campaigns that use the COVID-19 crisis as a lure, according to IBM X-Force. The Trojan has become more efficient at stealing banking data.
New research shows it's possible to unlock a password-protected Windows computer in about five minutes by exploiting vulnerabilities in Intel's Thunderbolt hardware controller. The vulnerabilities add to a growing list of issues around Thunderbolt, which is used for connecting peripherals.
After suffering a ransomware attack last October that left several systems inaccessible, mailing equipment manufacturer Pitney Bowes reports that it recently blocked another ransomware attack before any data was encrypted and says there's "no evidence of further unauthorized access to our IT systems."
What are some best practices for moving network security from the datacenter to the cloud? And what are the essentials of Secure Access Service Edge frameworks, and how can they be implemented? These are among the questions to be discussed in a new series of virtual roundtables hosted by Forcepoint and Homayun Yaqub.
Anubis, one of the most potent Android botnets, apparently is getting a refresh a year after its source code was leaked, security researchers say. The changes could help fraudsters more closely monitor activity on hacked devices.
After offering three large databases of compromised user data for sale on the darknet last week, a hacking group known as Shiny Hunters now is trying to sell four additional databases of information apparently gathered from data breaches, security researchers say.
What good is securing your data if the bad guys have already stolen your encryption keys? Brad Beutlich of nCipher Security sets the record straight about encryption and why some cryptography myths persist.
Cognizant estimates that the April ransomware attack that affected its internal network will cost the IT services firm between $50 and $70 million, according to the company's latest financial report. The company has said that the Maze ransomware gang was behind the attack.