-
10,000 organisations targeted by phishing attack that bypasses multi-factor authentication
Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. Read more in my article on the Tripwire State of Security blog.
-
Keeper Connection Manager: Privileged access to remote infrastructure with zero-trust and zero-knowledge security
Graham Cluley Security News is sponsored this week by the folks at Keeper Security. Thanks to the great team there for their support! IT and DevOps teams were presented with new challenges with the mass-migration to home working, and found themselves forced to perform infrastructure monitoring and management remotely. What is clearly needed…
-
CIS-CAT Pro Results Focus on CIS Controls IG1
CIS-CAT Pro Assessor now offers a new filter in the HTML report that allows organizations to focus on IG1 recommendations.
-
New Browser De-anonymization Technique
Researchers have a new way to de-anonymize browser users, by correlating their behavior on one account with their behavior on another: The findings, which NJIT researchers will present at the Usenix Security Symposium in Boston next month, show how an attacker who tricks someone into loading a malicious website can determine whether that…
-
Fewer Fall Victim to Data Breaches as Attackers Switch to Business in 2022
The ITRC reports a decline in publicly reported breaches in H1 2022
-
State-Sponsored Hackers Targeting Journalists
APT groups targeting media outlets to gain sensitive information
-
New speculative execution attack Retbleed impacts Intel and AMD CPUs
Researchers have discovered a new attack technique that exploits the speculative execution feature of modern CPUs to leak potentially sensitive information from the kernel’s memory. The attack circumvents some of the software defenses some operating systems put in place to prevent previous exploits of this nature. The attack, dubbed Retbleed by researchers from…
-
ICO Calls for Review of Government “Private” Messaging
The ICO found that the use of WhatsApp and other messaging services in government carries significant risks
-
New Flashpoint offering automates incident response workflows
A new low-code security automation platform designed for ease of use was introduced Tuesday by Flashpoint, a threat intelligence company. Called Automate, the platform aims to lower the barriers typically associated with security automation. “Automation solutions can be great, but oftentimes they require a team of engineers or developers, sometimes both,” explains Flashpoint…
-
How startup culture is creating a dangerous security gap in new companies
This is the first part of a three-blog series on startup security. Software vulnerabilities are the bane of every security team. A newly discovered vulnerability can turn a crucial software product into a ticking timebomb waiting to be exploited. Security practitioners and IT teams tasked with protecting their organizations must identify and mitigate…