Vietnamese security firm GTSC published a blog post this week warning of a new zero-day remote code execution (RCE) flaw in Microsoft Exchange Server, which it said has been actively exploited at least since early August. GTSC submitted the vulnerability to the Zero Day Initiative, which verified two flaws on September 8 and 9: ZDI-CAN-18333 […]
The post Symantec, GTSC Warn of Active Microsoft Exploits appeared first on eSecurityPlanet.
With two high-profile breaches this year, Okta, a leader in identity and access management (IAM), made the kind of headlines that security vendors would rather avoid. After seeing headlines like these, some executives and customers lose faith that multifactor authentication (MFA) technology, particularly Okta’s, will protect their organizations, but should they? The tech world defines […]
The post Okta ‘Breaches’ Weren’t Really Breaches appeared first on eSecurityPlanet.
Cybercriminals learn quickly. In a couple of decades’ time, they’ve gone from pretending to be Nigerian princes to compromising the entire software supply chain, and every day brings news of a new attack technique or a clever variation on an old one. Incidents like those that rattled SolarWinds and Kaseya and their downstream customers changed […]
The post Supply Chain Hacks Have Partners Pentesting Each Other appeared first on eSecurityPlanet.
For years the tech industry has promised a shift toward a passwordless future. In 2013, for example, the FIDO Alliance was created to solve the world’s password problem by replacing login technology. Google, Paypal, and Lenovo were among the original FIDO founding members. By 2015, Microsoft joined, and in 2020, Apple followed. The road to […]
The post The Challenges Facing the Passwordless Future appeared first on eSecurityPlanet.
Between a plunging stock market, rising interest rates and a slumping economy, raising venture capital has not been easy this year. This has even been the case for high-priority categories like cybersecurity. According to data from PitchBook, venture capital investments have reached about $13.66 billion so far this year, down significantly from $26.52 billion in […]
The post Where VCs Are Investing in Cybersecurity appeared first on eSecurityPlanet.
Whether it’s package hijacking, dependency confusing, typosquatting, continuous integration and continuous delivery (CI/CD) compromises, or basic web exploitation of outdated dependencies, there are many software supply chain attacks adversaries can perform to take down their victims, hold them to ransom, and exfiltrate critical data. It’s often more efficient to attack a weak link in the […]
The post Software Supply Chain Security Guidance for Developers appeared first on eSecurityPlanet.
For years, the U.S. Securities and Exchange Commission (SEC) strongly advised public companies to improve their cybersecurity. However, after minimal corporate adoption of stronger cybersecurity, the SEC has drafted rules to require more formal cybersecurity reporting and disclosure. This requirement copies the strategies of previous legislation that dramatically improved financial reporting for both public and […]
The post New SEC Cybersecurity Rules Could Affect Private Companies Too appeared first on eSecurityPlanet.
Trellix security researchers have revealed a major vulnerability in the Python tarfile library that could be exploited in software supply chain attacks. The researchers believe it could be used against organizations at scale, which could lead to attacks as serious as the one that hit SolarWinds two years ago. Perhaps more troubling is that the […]
The post Unpatched Python Library Affects More Than 300,000 Open Source Projects appeared first on eSecurityPlanet.
During a cyberattack, time is of the essence for both attackers and defenders. To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption allows the ransomware encryption malware to encrypt files partially or only encrypt parts of the files. The features […]
The post Ransomware Groups Turn to Intermittent Encryption to Speed Attack Times appeared first on eSecurityPlanet.
Fraud is one of the most prevalent vulnerabilities in the modern world. According to the FTC, over 28 million fraud reports were filed by consumers, resulting in more than $5.8 billion in reported fraud in 2021 alone. This is more than a 70% increase over 2020. Businesses are also at risk of fraud attempts. PwC’s […]
The post Best Fraud Management Systems & Detection Tools in 2022 appeared first on eSecurityPlanet.