Beware the tools that can bring risk to a Windows network
There are a few essential questions that anyone maintaining security on a Windows network needs to ask right now to avoid engaging in some very risky behavior, but there’s one that may be the most important of all — are you aware of tools in your network that may be bringing more risk? Many of…
Cisco Talos analyzes attack chains, network ransomware tactics
As ransomware continues to be the scourge of enterprise security teams, Cisco’s Talos security intelligence group recently analyzed ransomware groups to identify common techniques and offer recommendations to help security team better protect their businesses. Cisco Talos reviewed 14 prominent ransomware groups between 2023 and 2024 and studied volume of attacks, impact on customers, and…
Evolve data breach impacted upward of 7.64 million consumers
The number of persons affected by a recent data breach at Evolve Bank & Trust exceeds 7.64 million, a document submitted to the Office of the Maine Attorney General this week by the law firm representing the financial services organization reveals. According to the document, the breach occurred on February 9, but was not discovered…
Cisco adds heft to cybersecurity push with acquisitions, new talent
With new leadership, key acquisitions, and a platform-based vision, Cisco is betting big on security. Cisco’s dominance in networking and telecommunications products and services is well established, but its role in cybersecurity is less cemented. It has provided security software and network security appliances for some time, and it’s one of the dominant players in…
AI agents can find and exploit known vulnerabilities, study shows
Researchers at the University of Illinois gave a team of autonomous AI agents a CVE description of a vulnerability and the agents were able to autonomously find and exploit the vulnerability in a test environment in April. Two months later, the same researchers showed that those teams can now find and exploit previously unknown vulnerabilities….
Infinidat Revolutionizes Enterprise Cyber Storage Protection to Reduce Ransomware and Malware Threat Windows
Infinidat, a leading provider of enterprise storage solutions, has introduced a new automated cyber resiliency and recovery solution that will revolutionize how enterprises can minimize the impact of ransomware and malware attacks. Infinidat’s InfiniSafe® Automated Cyber Protection (ACP) is a first-of-its-kind cybersecurity integration solution that is designed to reduce the threat window of cyberattacks, such…
Pegasus can target government and military officials
The controversial spyware Pegasus and its operator, the Israeli NSO Group, is once again in the news. Last week, in documents filed in a judgment between NSO and WhatsApp, they admitted that any of their clients can target anyone with their spyware, including government or military officials because their jobs are inherently legitimate intelligence targets….
Criminals, too, see productivity gains from AI
Cyber criminals are beginning to use artificial intelligence to make their operations more effective — and their use goes way beyond creating better bait for phishing. Just as in legitimate business, discussions about AI among criminals have accelerated this year compared to 2023, researchers from cybersecurity group Intel 471 reported in a new study published…
Cloud access security brokers (CASBs): What to know before you buy
As the name suggests, a cloud access security broker (CASB) manages access between enterprise endpoints and cloud resources from a security perspective. CASBs can be deployed on-premises or in the cloud; as a hardware appliance or software-only, as a proxy, reverse proxy, or through specific APIs. Enterprises have untold numbers of endpoints, both managed (corporate-owned…
Critical flaw found in Fluent Bit cloud services monitoring component
Security researchers at Tenable have discovered a potentially critical memory corruption vulnerability in Fluent Bit, a core component in the monitoring infrastructure of many cloud services. The vulnerability, dubbed Linguistic Lumberjack and tracked as CVE-2024-4323, stems from coding flaws within Fluent Bit’s built-in HTTP server. Left unresolved the vulnerability could lead to denial of service,…
