Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. “By exploiting this flaw, attackers can gain unauthorized access to any user’s account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf – […]
Category Archives: News
Report looks to help mid-market organizations manage their expanding Software as a Service (SaaS) environments SEATTLE – Jan. 28, 2025 – Mid-market organizations today are engaged in a unique balancing act, where they are required to manage and defend a growing digital footprint, but lack the deep pockets and vast resources of their larger counterparts. […]
Originally published by Illumio.Written by Christer Swartz, Solutions Marketing Director, Illumio.According to Gartner, “By 2026, 60% of enterprises working toward zero trust architecture will use more than one deployment form of microsegmentation, which is up from less than 5% in 2023.” Microsegmentation is foundational to zero trust. You can’t achieve zero trust without it. In […]
Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged as a critical solution. This blog explores how an AI SOC Analyst transforms alert management, addressing key SOC challenges while enabling faster investigations and responses. […]
Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar. “ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely,” Sygnia
While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them
DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it’s restricting registrations on the service, citing malicious attacks. “Due to large-scale malicious attacks on DeepSeek’s services, we are temporarily limiting registrations to ensure continued service,” the company said in an incident report page. “Existing users […]
Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to […]
A Little Sunshine, Alfa Bank, David Sacks, House Judiciary Committee's Select Subcommittee on the Weaponization of the Federal Government, Jack Goldsmith, Joe Hall, John Durham, Krebs, Lawfare, Melania Trump, Michael Sussman, News, President Trump, Quinta Jurecic, Rep. Jim Jordan, Security, The Coming Storm, United States Council on Transnational Organized Crime, World Liberty Financial
A Tumultuous Week for Federal Cybersecurity Efforts
27
Jan
Jan
Image: Shutterstock. Greg Meland. President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation’s cybersecurity posture. The president fired all advisors from the Department of Homeland Security’s Cyber Safety Review Board, called for the creation of a strategic cryptocurrency reserve, and voided a […]
27
Jan
Jan
The 2024 holiday season revealed a complex and evolving threat landscape for Distributed Denial-of-Service (DDoS) attacks. This year’s trends included advanced tactics such as an increase in DDoS-for-hire operations, the assembly of massive DDoS botnets by script kiddies, politically motivated attack campaigns, and the bypass of CDN (Content Delivery Network) protections among other evolving threats. […]