Cybersecurity

Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit, and information technology entities in the nation, attributing the intrusions to an...

With new threats disrupting business operations and an increasingly strict regulatory environment, security is no longer a risk mitigation activity or a growth inhibitor. Rather, information security is increasingly being viewed as strategic business enabler for the enterprise. That is evident in IDG's 2022 State of the CIO Survey, where IT leaders and line of business (LOB) executives were asked which technologies they expected to have...

Many organizations accelerated digital transformation in response to COVID-19 to remain resilient and competitive, with heavy investments in the cloud. This trend will continue well beyond the initial stages of the pandemic, with IDC's spending forecast on "whole cloud" services to surpass $1.3 trillion by 2025. Unfortunately, side effects from these expanded architectures include enhanced risk of shadow IT and unauthorized cloud access, as well as...

Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases as part of releases Chrome 98 and Chrome 101 scheduled in the coming months via a newly implemented W3C specification called private network...

There are three major players when it comes to patch management: security analysts, IT professionals, and attackers. And unfortunately, there is usually a lot of friction between the security and IT teams, preventing them from successfully defending against the attackers. This leads to an asymmetric threat where an attacker only needs to know one weakness or vulnerability to be successful, while the defenders must know...

Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans (RATs) such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. The spear-phishing attacks, which commenced in October 2021, have primarily targeted entities located in the U.S., Canada, Italy, and Singapore, researchers from Cisco Talos said in a report shared with...

We now live in a world where cyberattacks can shut down critical infrastructure. Those who follow the mega-trends driving the global economy — like the convergence of the digital revolution and the energy transition — understand that with more and more critical infrastructure remotely operated or digitally managed, it was only a matter of time before a cyberattack caused disruptions that crossed over into the...