The Tangled Web of IR Strategies
April 21 2023Attackers have their methods timed to the second, and they know they have to get in, do their damage, and get out quickly. CISOs today must detect and block...
Read more3CX Breach Was a Double Supply Chain Compromise
April 21 2023We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk...
Read moreA bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail,...
Read moreThe Open Source Security Foundation's SLSA v1.0 release is an important milestone in improving software supply chain security and providing organizations with the tools they need to protect their...
Read moreThe new Security Legal Research Fund and the Hacking Policy Council are aimed at protecting "good faith" security researchers from legal threats and giving them a voice in policy...
Read moreRed Canary Announces Readiness
April 21 2023Mandiant found that North Korea's UNC4736 gained initial access on 3CX's network when an employee downloaded a weaponized but legitimately-signed app from Trading Technologies.
Read moreMajor US CFPB Data Breach Caused by Employee
April 21 2023The sensitivity of the personal information involved in the breach has yet to be determined by agency officials, but it affects 256,000 consumers.
Read more
Recent Comments