It isn't that we struggle to define the zero trust security model. It's that we ignore the real challenge, says Jack Miller of Menlo Security. We need to shift our view of authentication and access from "innocent until proven guilty" to "guilty until proven innocent."
The physical breach of the U.S. Capitol by a violent mob, members of which allegedly accessed lawmakers' systems and stole devices, offers cybersecurity professional lessons to learn on authentication, encryption and more, says cybersecurity expert Brian Honan.
A new leaks site claims to be selling data from Cisco, FireEye, Microsoft and SolarWinds that was stolen via the SolarWinds supply chain attack. Security experts question whether the offer is legitimate and note that it parallels previous efforts, including by Russia, designed to foil hack attack attribution.
Documents on COVID-19 vaccines and medications - including some containing personal information - that were stolen in a cyberattack last month on the European Medicines Agency have been leaked on the internet.
Email security provider Mimecast says hackers compromised a digital certificate that encrypts data that moves between several of its products and Microsoft's servers, putting organizations at risk of data loss.
A recently identified mobile remote access Trojan dubbed "Rogue," which exploits Google's Firebase development platform, targets Android devices to exfiltrate personal data and can deliver other malware, according to Check Point Research. The RAT is being offered for sale or rent in darknet forums.
Investigators probing the supply chain attack that hit SolarWinds say attackers successfully hacked the company's Microsoft Visual Studio development tools to add a backdoor into Orion network monitoring security software builds. They warn that other vendors may have been similarly subverted.
Terabytes' worth of posts, images and videos from conservative social media site Parler have been forcibly obtained by security researchers who have archived the material for investigators in the wake of the violent riot at the U.S. Capitol.
A global law enforcement operation has taken down DarkMarket, which Europol describes as the world's largest underground marketplace of illegal goods on the dark web. The market has generated about $170 million in revenue selling drugs, malware, credit cards and more, officials say.
The new year has kicked off with a flurry of data security company acquisition activity; five deals have already been announced. Companies making acquisitions are striving to improve their secure access service edge - or SASE - posture, enter new markets or bolster their technology portfolios.
A vulnerability in a GitHub repository belonging to the United Nations Environment Program exposed over 100,000 employee records, including personally identifiable information, contact details and other sensitive data, according to a group of independent security researchers. The flaw has been patched.
Sentinel Labs researchers have identified an updated version of the cryptominer OSAMiner that targets the macOS operating system to mine for monero. The latest iteration uses new techniques to help prevent detection by security tools.
Many companies claim to be successfully using artificial intelligence for security, but the use cases are still not convincing because the technology is incapable of detecting unknown malware, says Guy Sheppard of SWIFT.