Uber is probing a hack attack after an intruder appeared to breach multiple internal systems, using the company's Slack messaging app to announce: "I am a hacker and Uber has suffered a data breach." The ride-hailing service has taken multiple systems offline while it investigates.
Aligning internal cybersecurity practices with external third-party risk management is crucial to evaluating control effectiveness against both internal and external risks.
Increased threats and more focus on enterprise-wide accountability are impacting TPRM and CPM. External third-party risk mapping to internal...
Chinese state-backed cyber spies developed a Linux variant of a Windows backdoor to target a Hong Kong university after Beijing squashed pro-democracy protests in the city. The threat group, called SparklingGoblin, deployed the custom-built implant in February 2021, Eset researchers say.
WAFs provide a critical security control for managing risk while supporting your financial institution's goals.
As digital transformations that are enabled by apps become business initiatives driven by apps, WAFs must protect all of the organization’s apps—across architectures, clouds, deployment models, and...
Apple issued a patch for a zero-day vulnerability likely exploited in the wild that allows a malicious iPhone app to execute arbitrary code with kernel-level privileges, marking the second smartphone kernel code execution bug fixed by the company in as many months.
Security researchers revealed yet another method for stealing a Tesla, although the brand is one of the least-stolen cars and among the most recovered once pilfered. The newest example comes from internet of things security company IOActive in an attack involving two people and customized gear.
Netskope has built out a full SASE stack and helped enterprises secure their physical devices through the recent acquisitions of Infiot and WootCloud. Buying SD-WAN provider Infiot in August will boost the convergence of networking and security and help customers quickly on-ramp users in the cloud.
NortonLifeLock and Avast completed their $8.6 billion merger Monday, forming a $3.5 billion consumer cyber protection behemoth with expertise across security, privacy and identity. The fully merged company will have fewer than 4,000 employees and will initially go to market as NortonLifeLock.
The Lazarus Group, a North Korean advanced persistent threat gang, recently targeted energy companies in Canada, the U.S. and Japan to establish long-term access into victim networks to conduct espionage operations by deploying custom-built malware implants VSingle, YamaBot and MagicRAT.
Organizations must think differently about how to detect adversaries in the cloud rather than merely shifting their on-premises controls. Combining Carbon Black's insights into the endpoint with NSX's ability to see network connections has allowed VMware to more effectively spot lateral movement.
Vulnerabilities in certain medication infusion pump products from manufacturer Baxter could compromise a hospital's biomedical network. The flaws highlight the risks involving the acquisition and disposal of medical technology, says researcher Deral Heiland of Rapid7.
With Microsoft offering a cost-effective and highly integrated security stack that covers endpoint, email, cloud, identity and more, many organizations are replacing their legacy tools with Microsoft’s advanced security stack and getting the most out of their Office 365 investment.
To fully unlock the power of E5,...
Software bills of materials improve the visibility, transparency, security and integrity of proprietary and open-source code in software supply chains. To realize these benefits, software engineering leaders should integrate SBOMs throughout the software delivery life cycle.
Co-founder and CEO Bipul Sinha has grown Rubrik's business with existing customers by more than 40% thanks to the company's unique take on data observability. The data security vendor has emphasized data availability and resiliency in the face of crippling ransomware and extortion-based attacks.