Whether it’s package hijacking, dependency confusion, typosquatting, continuous integration and continuous delivery (CI/CD) compromises, or basic web exploitation of outdated dependencies, there are ...
Continuous integration and development (CI/CD) pipelines are the most dangerous potential attack surface of the software supply chain, according to NCC researchers.
The presentation at last week's...
Many of the basic principles for securing a data lake will be familiar to anyone who has secured a cloud security storage container. Of course, since most commercial data lakes build off of existing ...
Even the most advanced and sophisticated security tools are failing to protect against ransomware and data exfiltration, according to a new report from data encryption vendor Titaniam.
The St...
A presidential executive order mandating a zero trust strategy for federal agencies has raised the profile of the cybersecurity technology and prompted many non-government IT security managers to co...
MITRE has released its latest list of the top 25 most exploited vulnerabilities and exposures found in software.
The MITRE CWE list is different from the product-specific CVE lists from the U.S. C...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is recommending that government agencies and private organizations that use Microsoft's Exchange cloud email platform migrate users an...
Cybersecurity researchers have found more than 900,000 instances of Kubernetes consoles exposed on the internet.
Cyble researchers detected misconfigured Kubernetes instances that could expose hun...
PowerShell is one of the most common tools used by hackers in "living off the land" attacks, when malicious actors use an organization's own tools against itself.
This week, U.S. cybersecurity age...
In a sequence that suggests cloud services may be more vulnerable than many think, Proofpoint researchers have demonstrated how hackers could take over Microsoft 365 accounts to ransom files stored o...