Why You Need to Wake Up to API Security Vulnerabilities

Anna Delaney • February 7, 2023

APIs represent the best and worst of times - "massive amounts of business value, but massive amounts of unmitigated risk," says Richard Bird, CSO, Traceable AI. In the past year, misconfigured or error-prone APIs resulted in high-profile breaches at Twitter and T-Mobile. He sees more on the horizon.

►

Business Email Compromise (BEC)

Microsoft-Verified OAuth Apps Used to Infiltrate Inboxes

Latest

Governance & Risk Management

Fortinet Weathers Economic Storm By Helping Users Cut Costs

Michael Novinson • February 7, 2023

Fortinet has blunted the impact of the economic downturn by helping customers consolidate their security footprint and add protection in areas like OT, WiFi and SD-WAN. CEO Ken Xie says Fortinet's ASIC chip allows the company to take market share from rivals while delivering superior performance.

Governance & Risk Management

Claudia Plattner Picked as New Head of Germany's BSI

David Perera • February 7, 2023

The German government selected a new president for the Federal Office for Information Security, better known as BSI. Claudia Plattner, currently serving as the European Central Bank's director general of information systems, is set to lead the agency starting on July 1.

Governance & Risk Management

Mergers and Acquisitions in Healthcare: The Security Risks

Marianne Kolbasuk McGee • February 7, 2023

During the height of the coronavirus pandemic, mergers and acquisitions in the healthcare sector slumped, but they now appear to be slowly rebounding. What does this mean in terms of potential security risks that organizations undergoing consolidation face?

Business Continuity Management / Disaster Recovery

Microsoft Experiences Second Major Cloud Outage in 2 Weeks

Mathew J. Schwartz • February 7, 2023

Microsoft suffered its second major outage in less than two weeks, as users in North America and beyond were left unable to send, receive or search emails via Outlook.com and unable to access some additional functionality, including calendar APIs. Microsoft blamed unspecified "recent changes."

Business Continuity Management / Disaster Recovery

LockBit Group Goes From Denial to Bargaining Over Royal Mail

Mathew J. Schwartz • February 7, 2023

The LockBit group has gone from denying it had any involvement in the ransomware attack on Britain's Royal Mail to trying to bargain for a ransom. The ransomware group's site now lists Royal Mail as a victim and demands it pay a ransom or see stolen data get dumped.

Endpoint Security

'PixPirate' Banking Trojan Targets Brazilian Pix Users

Prajeet Nair • February 6, 2023

An Android banking Trojan is targeting Brazilian adopters of an instant payment platform known as Pix, marking another foray by the South American country's criminal underground into digital larceny. Brazil has been a hotbed of Trojan activity perpetuated by domestic cybercriminals.

Identity & Access Management

Trusona Exec Goldman on Bringing Usability to Authentication

Michael Novinson • February 6, 2023

Security practitioners are putting cognitive psychology and customer experience at the forefront of new product development in a push for usability, says Trusona's Kevin Goldman. Getting user experience designers familiar with products allows them to speak meaningfully with the security team.

Fraud Management & Cybercrime

BlackBasta Blamed for Global Attacks on VMware ESXi Servers

Akshaya Asokan • February 6, 2023

The Italian cybersecurity agency says at least a dozen hacks against unpatched VMware ESXi servers in the country are likely tied to the BlackBasta ransomware group. Investigators say the ransomware campaign may have hit thousands of organizations worldwide since Thursday.

Cybercrime

Notorious Finnish Hacker 'Zeekill' Busted by French Police

Mathew J. Schwartz • February 6, 2023

French police arrested hacker Aleksanteri Kivimäki, 25, who's suspected of hacking and extorting a Finnish mental health service provider, leaking patient data and extorting 25,000 patients. The suspect was formerly convicted of disrupting thousands of websites when he was a teenager.

Attack Surface Management

CrowdStrike CEO on Why It's Tough to Defend Sensitive Assets

Michael Novinson • February 3, 2023

Organizations today struggle with both new attack surface challenges such as cloud configuration and exposed buckets and long-standing ones around vulnerable ports and infrastructure. CEO George Kurtz says CrowdStrike's recent purchase of Reposify will help customers defend their priority assets.

Attack Surface Management

IBM Security GM on Seeing a Target Through the Hacker's Eyes

Michael Novinson • February 3, 2023

Companies can be blinded by their inside-out view and often benefit from another set of eyes that see their business the same way an attacker would, says IBM's Mary O'Brien. IBM's acquisition of attack surface management firm Randori gives clients another view of areas that need to be remediated.

Network Firewalls, Network Access Control

Jeetu Patel on Having a Consistent Design at Cisco Security

Michael Novinson • February 3, 2023

Cisco plans to debut a common design language across its network and security offerings so that products such as Cisco Meraki and Umbrella will no longer look or feel different from one another, says Jeetu Patel, executive vice president and general manager for security and collaboration at Cisco.