Data Breaches

The developer of the recently exploited MOVEit Transfer application issued new updates after a third-party security audit identified additional SQL injection vulnerabilities. Customers are advised to deploy the new patches as soon as possible since attackers are clearly interested in exploiting this and other enterprise secure file transfer solutions. “In addition to the ongoing investigation into vulnerability (CVE-2023-34362), we have partnered with third-party cybersecurity experts to conduct further detailed code reviews as an added layer…

Read More

Okta said Tuesday that it’s set to launch a new offering, Okta Device Access, designed to extend the capabilities of its cloud-based identity and access management (IAM) service to enterprise desktops and other devices in hybrid work environments. The application, according to the company, aims to simplify logins while also offering stronger authentification features and achieving a zero trust security environment. Okta Device Access, deployed as part of Okta’s Workforce Identity Cloud service, will  launch…

Read More

Tension between difficult economic conditions and the pace of technological innovation, including the evolution of artificial intelligence (AI), is fueling the growth of the identity attack surface and identity-led cybersecurity exposure. That’s according to the CyberArk 2023 Identity Security Threat Landscape Report, which details how these issues have the potential to compound “cyber debt” where investment in digital and cloud technology outpaces cybersecurity spend. This create a rapidly expanding and unsecured identity-centric attack surface. The…

Read More

What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy? Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue? And, importantly, do you have a security policy that includes your firm’s overall policies around the increasing race towards artificial intelligence,…

Read More

In a campaign that exploits the relationships between different organizations, attackers managed to chain business email compromise (BEC) against four or more organizations jumping from one breached organization to the next by leveraging the relationships between them. The attack, which Microsoft researchers call multi-stage adversary-in-the-middle (AiTM) phishing, started with a compromise at a trusted vendor and targeted organizations from the banking and financial services sectors. “This attack shows the complexity of AitM and BEC threats,…

Read More

BlackBerry CISO Arvind Raman looks beyond job titles when he has open positions to fill and instead focuses on the key skills required to do the work. That mindset allows Raman to readily identify and recruit qualified professionals from outside the security field, instead of simply seeking candidates working their way up the typical chain of security roles. For example, he has hired finance professionals for risk- and compliance-related work and marketing pros for awareness…

Read More

Cycode’s new Cimon monitoring tool for continuous integration and continuous delivery is designed to offer a new level of visibility into the CI/CD process, securing code against data exfiltration and other malicious activity. According to the company’s announcement, Cimon — short for CI Monitor — is a runtime security agent that uses the enhanced Berkeley Packet Filter (eBPF) system to look directly into the CI pipeline, develop a baseline understanding of what normal behavior looks…

Read More

In my last CSO article, I detailed cybersecurity professionals’ opinions on the characteristics of a mature cyber-threat intelligence (CTI) program. According to ESG research, the top attributes of a mature CTI program include dissemination of reports to a broad audience, analysis of massive amounts of threat data, and CTI integration with lots of security technologies. Alas, most CTI programs are far from mature, but this may change over the next few years as most enterprise…

Read More