What Is CIEM? The Ins and Outs of This Least Privilege Access Solution
Every security professional is familiar with the three pillars of security: people, processes, and technology. They all need to work together to maintain a safe, secure environment — if...
Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration
A critical vulnerability in Zoho’s widely used compliance tool, ManageEngine ADAudit Plus, which monitors changes to Microsoft Active Directory, leaves endpoints vulnerable to unauthenticated users. A successful exploit could...
Exchange Servers Backdoored Globally by SessionManager
Attackers once focused on exploiting ProxyLogon Microsoft Exchange server vulnerabilities have made a pivot to the new SessionManager backdoor, which can be used to gain persistent, undetected access to emails...
API Security Losses Total Billions, But It’s Complicated
US companies face a combined $12 billion to $23 billion in losses in 2022 from compromises linked to Web application programming interfaces (APIs), which have proliferated with the increased...
18 Zero-Days Exploited So Far in 2022
So far this year, a total of 18 security vulnerabilities have been exploited as unpatched zero-days in the wild, according to an analysis – and half of those were...
SolarWinds creates new software build system in wake of Sunburst attack
SolarWinds became the poster child for attacks on software supply chains last year when a group of threat actors injected malicious code known as Sunburst into the company's software...
Key takeaways from CSA’s SaaS Governance Best Practices guide
SaaS governance and security is gaining attention among IT and security leaders. This is good, given that organizations are using exponentially more software-as-a-service (SaaS) than infrastructure-as-a-service (IaaS) offerings. Large...
Infamous North Korean hacker group identified as suspect for $100M Harmony attack
The Lazarus Group, a well-known North Korean hacking syndicate, has been identified as the primary suspect in the recent attack that saw $100 million stolen from the Harmony protocol. According...
Patch Now: Linux Container-Escape Flaw in Azure Service Fabric
Microsoft this week disclosed a serious container-escape vulnerability in its widely used Azure Service Fabric technology, which gives attackers a way to gain root privileges on the host node...
Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data
CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers.
The Cybersecurity and Infrastructure Security Agency (CISA) and Coast Guard Cyber Command (CGCYBER) released...
