Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.
Microsoft is calling security research asserting a high-severity vulnerability exists in Microsoft Azure evidence that customers should better configure their cloud environments. An attacker with an Azure instance could obtain access to company resources by sending customizable HTTP requests.
A U.K. government official on Tuesday touted the potential of a processor designed to prevent memory-based cyberattacks even as he acknowledged commercial hurdles to its widespread adoption. The CHERI processor reduces attack surface, said John Goodacre.
Hackers are targeting clients of artificial intelligence data platform provider Snowflake that lack multifactor authentication, the company warns. Threat actors are compromising organizations’ Snowflake customer tenants by using stolen credentials obtained by info-stealing malware, said Mandiant.
A hacker is selling the purported data of 30 million customers of Spanish multinational bank Santander for $2 million on a criminal online forum the FBI recently attempted to shut down. Sample data posted online suggests the data set is genuine.
Reports say former White House cybersecurity official and cybersecurity executive Jeff Greene will join CISA to replace outgoing official Eric Goldstein as executive assistant director for cybersecurity, although the agency has not confirmed it.
Palo Alto Networks is set to intertwine even more tightly with IBM following a postmarket close announcement Wednesday that the cybersecurity firm will purchase IBM's SIEM business. "We already partner well with Palo Alto on firewalls, on SASE, and other products," said IBM CEO Arvind Krishna.
U.S. law enforcement swept up two people and possibly hundreds of laptops used in scams by North Korean IT workers to obtain remote employment, including as contractors for an unnamed U.S. cybersecurity company. Prosecutors say one scam run by an Arizona woman netted Pyongyang at least $6.8 million.
There's more consolidation in the SIEM market following today's announcement by LogRhythm and Exabeam that they've reached an agreement to merge. Doubters have attempted for years now to write an obituary for the log data analysis SOC mainstay.
An international law enforcement operation shut down BreachForums, a criminal forum where hackers posted and sold the contents of hacked databases. The website of the criminal forum in its clear and dark web domains displays a seizure notice stating that it is "under the control of the FBI."
Microsoft issued a patch Tuesday for a Windows zero-day vulnerability that security researchers say operators of the Qakbot botnet and other hackers actively exploited. The elevation of privilege vulnerability flaw is rated "important" on the CVSS scale.
The Russian national known as LockBitSupp, head of ransomware-as-a-service group LockBit, came under indictment Tuesday in U.S. federal court and faces sanctions from the U.S. Department of the Treasury. Prosecutors say LockBitSupp's real identity is Dmitry Yuryevich Khoroshev.
The U.S. federal government's cybersecurity agency warned that hackers are exploiting a vulnerability in DevOps platform GitLab that was patched in January. The vulnerability allows hackers to use the "forgot your password" function to send a reset link to an attacker-controlled inbox.
Probable nation-state hackers targeted Cisco firewall appliances in a campaign dating to late 2023, the networking giant disclosed Wednesday while releasing three patches, two of them rated critical. Cisco doesn't connect the hackers with a specific country. It dubs the campaign "Arcane Door."
The U.S. federal government instigated a full court press against four alleged Iranian state hackers, unsealing a multi-count criminal indictment, slapping the men with Treasury sanctions and offering a reward of up to $10 million for their capture.
Foundations housing seven large open-source projects are banding together ahead of what they say is a nearly impossible 2027 deadline created by Europe's Cyber Resilience Act - the world's first digital supply chain regulation. European Union lawmakers approved the act in March.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.