Weekend Reads 022522

To some degree, cyber AI suffers from the pressures exerted by the quest for never-ending sales growth.

The websites for several banks in Ukraine, the Ministry of Defense, and Armed Forces were hit with a distributed denial-of-service (DDoS) attack on Feb. 15.

Threat actors are using software and developer infrastructure, platforms, and providers as valuable entry points into governments, corporations, and critical infrastructure.

Cybercriminals and nation-state actors adapted to defenders’ tactics and became more efficient in 2021, with attackers relying more on data leaks combined with ransomware to extort increasing sums of money from companies — and in some cases using data leaks without encrypting data to force a company to pay, according to two analyses published this week.

Cloud and multi-cloud adoption has greatly increased the workload of already burdened IT teams. Of the 200 IT leaders surveyed, only about half of the respondents said that they are adequately staffed to manage the frequency of alerts they receive.

Imagine that you run an organization out of a building. Imagine that the landlord comes one day and says, “Oh I didn’t know you are a resident of country X or dealing with anybody from country X. I have to close this place down right now.” And then you are done. You don’t have an organization anymore.

But hybrid and remote work doesn’t happen only in the privacy of people’s homes. It happens in public places like coffee shops and hotel lobbies. These locations present privacy risks that your company today may not address, such as unsecured public Wi-Fi networks and possible exposure of company secrets on workers’ screens.

The practice of blurring out text using a method called pixelation may not be as secure as previously thought.

This post summarizes our experiences securing the Registration Data Access Protocol (RDAP) service of ccTLD .it by integrating with OpenID Connect (OIDC).

Credential phishing haunts our customers day in and day out in the web2 world, which is the version of the internet that most of us are familiar with and use today.

VMware on Tuesday patched several high-severity vulnerabilities impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service (DoS) condition.

The enterprise help desk has long been a favorite target for those seeking to use social engineering schemes as a way of penetrating an organization’s cyber defenses.

Romance-themed malicious campaigns are launched throughout the year, but days leading up to Valentine’s Day could be particularly timely for such activities.

Advances in cybersecurity have come fast and furious in recent years. Yet, despite all the gains, there has never been more pain. Hacking, cracking, and attacking techniques are more sophisticated than ever, and more and more organizations are succumbing to breaches and breakdowns.

In order to prevent credential theft from phishing attacks, there is a push for multi-factor authentication (MFA).