Splunk: Cybersecurity Dynamics Rapidly Changing

A survey of 1,520 cybersecurity and IT leaders published today found more than half (52%) reporting their organization suffered a data breach in the past two years, with 62% experiencing monthly unplanned downtime attributable to a cybersecurity incident. The survey, conducted by Enterprise Strategy Group (ESG) on behalf of Splunk, ... Read More

Sysdig Details Proxyjacking Attack Leveraging Log4j Vulnerability

Sysdig today published a report that described how cybercriminals are exploiting the Log4j vulnerability to gain access to IP addresses that are then sold to entities that resell them. Dubbed proxyjacking, the attacks enable cybercriminals to resell bandwidth to providers of proxyware services that allow someone to hide their physical ... Read More

White House Moves to Address Software Supply Chain Security

No one wants a repeat of the SUNBURST cyberattack, but without any action to improve cybersecurity within the software supply chain, another SUNBURST—or worse—attack is inevitable. And we still may see a devastating attack that takes down critical infrastructure or cripples major business systems, but at least there are steps ... Read More

NTT Taps Microsoft to Provide MDR Service

NTT Ltd has launched a managed detection and response (MDR) security service based on Microsoft Sentinel, a security information event management (SIEM) platform hosted in the Azure cloud service. The NTT MDR service collects data from any user, device, application and infrastructure platform from any on-premises or cloud computing environment ... Read More

Prepare for the Security Resilience Onslaught

As we get ready for the upcoming RSA Conference, I gave some thought to what the industry marketing machinery will be hyping, and in looking at my inbox for clues, I saw a clear trend. ‘Security resilience’ bubbled to the top as another buzzword in the increasingly jargon-riddled world of ... Read More

Show Me the Coverage: Ransomware Actors Demand Cyberinsurance Policies

The landscape of cybersecurity threats is continuously evolving, and ransomware attacks have emerged as a significant concern for organizations of all sizes. In a ransomware attack, cybercriminals encrypt the victim’s files, rendering them inaccessible and demand a ransom in exchange for the decryption key. This extortion method has proven lucrative ... Read More

Survey: Reactionary Cybersecurity is Misaligned With Business Goals

A global survey of 409 cybersecurity and IT decision-makers from companies with at least 250 employees suggested that while there is a lot more attention being paid to aligning cybersecurity strategy with business goals, most organizations are still spending most of their time reacting to events rather than achieving specific ... Read More

After Brief Exposure in Public Repo, GitHub Rotated Private SSH Key

In an attempt to get ahead of fallout from the exposure of its private SSH key in a public repository, the software development platform GitHub proactively rotated its host key last week. “Out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations ... Read More

Noname Security Extends Reach of API Security Platform

Noname Security this week extended the reach of its platform for securing application programming interfaces (APIs) to make it easier to discover APIs and visualize the workflows that revolve around them. Specifically, the company has added to the Noname Security Runtime Protection platform an ability to customize discovery and more ... Read More