Home

January 20, 2021

Reliance on cloud, APIs create confusion and introduce risk into software development

Businesses are increasingly hosting their applications in public or private clouds while using APIs to speed up the development process. Both shifts come with security implications.

The post Reliance on cloud, APIs create confusion and introduce risk into software development appeared first on SC Media.

January 20, 2021

Last-minute Trump order adds new security regulation to cloud providers

An eleventh-hour executive order will require infrastructure-as-a-service providers to log the identity of foreign clients. The executive order will stand, unless specifically repealed by new President Joe Biden.

The post Last-minute Trump order adds new security regulation to cloud providers appeared first on SC Media.

January 20, 2021

CISO lends voice to MSPs and their small-biz clients in ransomware battle

Ryan Weeks is CISO at Datto, a founding member of the Institute for Security and Technology's new anti-ransomware initiative. He spoke to SC Media about the segment of the business community that he believes to be underserved by efforts to counter ransomware.

The post CISO lends voice to MSPs and their small-biz clients in ransomware battle appeared first on SC Media.

January 20, 2021

With all eyes on the inauguration, lessons in the convergence of physical and digital security emerge

Washington, D.C. is on high alert, extending a special designation for security that always applies to inaugurations to Jan. 21, and calling in the National Guard. But in the wake of the attack on the Capitol, protection of digital assets is paramount.

The post With all eyes on the inauguration, lessons in the convergence of physical and digital security emerge appeared first on SC Media.

January 20, 2021

SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach

Tactics expose the need for organizations to develop cohesive playbooks for breaches affecting hybrid environments.

The post SolarWinds attack opened up 4 separate paths to a Microsoft 365 cloud breach appeared first on SC Media.

January 19, 2021

Fourth SolarWinds malware strain shows diversity of tactics, need to focus on detection, response

Researchers have found a fourth strain of malware – Raindrop – that was used in the SolarWinds supply chain attack, a loader similar to the Teardrop tool. But while Teardrop was delivered by the original Sunburst backdoor in early July 2020, Raindrop was used just under two weeks later for spreading laterally across the victim’s…

The post Fourth SolarWinds malware strain shows diversity of tactics, need to focus on detection, response appeared first on SC Media.

January 19, 2021

7 vulnerabilities in popular DNS forwarding software open door to range of attacks

Researchers at JSOF have discovered distinct spoofing and buffer overflow vulnerabilities associated with DNSMasq, used in networking devices to cache and forward Domain Name System requests.

The post 7 vulnerabilities in popular DNS forwarding software open door to range of attacks appeared first on SC Media.

January 18, 2021

Free cyber career training coursework emerges as a perk in tough times

New complimentary offerings are helping current, aspiring and unemployed infosec professionals gain an upper hand in a down economy, while aiding an industry facing a growing skills gap.

The post Free cyber career training coursework emerges as a perk in tough times appeared first on SC Media.

January 16, 2021

FIN11 e-crime group shifted to CL0P ransomware and big game hunting

FIN11 has increasingly factored CL0P ransomware into its operations, and its clear they also put a substantial amount of effort into each follow-up compromise.

The post FIN11 e-crime group shifted to CL0P ransomware and big game hunting appeared first on SC Media.