Recent supply chain attacks prompted cybersecurity professionals, under the auspices of Cybersecurity Collaborative, to stand up a task force focused on minimizing third-party risk. The need for the Third-Party Risk Task Force, which kicked off this week, has been amplified by recent advanced persistent threat attacks that infiltrated corporate and government networks, due to security…
The number of SolarWinds victims will likely grow in the upcoming months, but direct insured costs should remain close to the current estimate since many of the organizations hit – particularly federal agencies – do not carry insurance against cyber risks.
Threat actors have used a variety of tactics and techniques—including phishing, brute force login attempts, and possibly a so-called “pass-the-cookie” attack that bypassed multifactor authentication to exploit cloud security weaknesses.
The software essentially exempted Apple's own programs from being routed through its Network Extension Framework, which the company created for third-party security products to monitor and filter network traffic.
Google’s Project Zero this week introduced a six-part series that offers an analysis of four zero-day vulnerabilities on Windows and Chrome, and known-day Android exploits it found during the team’s extensive research last year.
Over the past two decades, businesses have piled a patchwork of different products and services – multi-factor authentication, single sign-on, identity governance and administration policies and others – on top of their directory. That introduces risk and complexity, says Jumpcloud CEO Rajat Bhargava.
Nicolas Reys of Control Risks spoke with SC Media about how companies can position themselves to rebound from a year complicated by the pandemic, climate change challenges and deteriorating U.S.-China relations.