Secrets embedded in source code pose a risk to developers and the organizations they work in. Secrets can be used to take over both user and service accounts, which can lead to sensitive data exposure, operational risks, and financial or reputational damage. There are many commercial and open source projects available to detect hardcoded secrets,…

The usage and connectivity of operational technology (OT) are rapidly growing, as is the number of cyberattacks on OT environments. These attacks can disrupt operations, causing damage that can reach far beyond revenue and reputation to supply chain, human safety and critical infrastructure. To help companies keep their OT environments secure, Palo Alto Networks today…

The Australian government says it will centralize its approach to securing federal agencies by appointing a coordinator to head the new National Office for Cyber Security within the Department of Home Affairs. The appointment comes after the country down under experienced back-to-back major data breaches. Medibank, Australia’s largest private health insurer, saw Russia-based ransomware hackers…

The Defence Cyber Marvel 2 (DCM2) is the largest training exercise organised by the Army Cyber Association to allow personnel from across the Armed Forces to build their skills within the cyber and electromagnetic domain. This year, 750 cyber specialists have participated in the military cyberwarfare exercise. 34 teams from 11 countries, including India, Italy,…

While Zero Trust is a term that is often misunderstood as well as misused, it is an approach that has real value in helping to reduce systematic cyber risk and improve resiliency. Organizations of all sizes understand that they require a resilient cybersecurity strategy that can support and enable the business even during a crisis,…

As more organizations shift to cloud-native application development to support new business features and digital transformation initiatives, software supply chain issues have become more visible. Because cloud-native development relies so heavily on open source software, organizations have to start thinking about the components that go into these applications. To build these cloud-native applications, developers have…

A Russian national accused by U.S. federal prosecutors of developing an application for decrypting login credentials pleaded not guilty during a first appearance in Tampa federal court. The man, Dariy Pankov – also known as “dpxaker” – faces seven criminal counts including conspiracy, access device fraud and computer fraud. On Wednesday in the courthouse for…

Researchers at cybersecurity firm Horizon3 have released a proof-of-concept exploit for a critical-severity vulnerability, tracked as CVE-2022-39952, in Fortinet’s FortiNAC network access control solution. Last week, Fortinet released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions. The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756, are respectively an external control of…