At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain. Until this past weekend, Squarespace’s website had an option to l
security (11)
VikingCloud recently released new research revealing 40% of cyber teams have not reported a cyber incident out of fear of losing their jobs, a disclosure that signifies a serious underreporting of cyber breaches globally. This trend also leaves businesses at risk of being non-compliant with emerging industry regulations, as well as vulnerable to rising attacks, reported in the survey to have both increased in frequency for 49% of companies and severity for 43% in the past 12 months.
The data ga
Microsoft has recently declared that security will now be the company's topmost priority "above all else," even taking precedence over shipping new product features and capabilities. This commitment to making security job #1 comes on the heels of a string of incidents, including a major breach disclosed just two months ago, where Russian state-sponsored hackers tracked as Midnight Blizzard or Nobelium gained disturbing levels of access to Microsoft's internal systems and source code repositorie
The Colonial Pipeline ransomware infection has become a cautionary story about how ‘borking’ critical infrastructure can cause real-world pain, with fuel shortages leading to long lines and fistfights breaking out at gas stations. Or as Jen Easterly, boss of the US Cybersecurity and Infrastructure Security Agency, warned Congress recently, "Societal panic and chaos."
The CISA Director and other security and law enforcement chiefs stressed the reality in which nation-states operating against Ame
The economic downturn predicted for 2023 will lead to layoffs but cybersecurity workers will be least affected, says the latest (ISC)² report. Also, as soon as things get better, they will likely be the first ones to get (re)hired. Execs have finally realized the importance of cyber security.
There have been massive layoffs by tech and other companies in the last few months. In December 2022, (ISC)² polled 1,000 C-suite executives from Germany, Japan, Singapore, the UK and the US about whether
Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line.
There are two main reasons why regular pen testing is necessary for secure web application development – Security: Web applications are constantly evolving, and new vulnerabilities are being discovered all the time. Pen testing helps identify vulnerabilities that could b
First coined by Lebanese-American thought leader Nassim Nicholas Taleb, the term “black swan” refers to unexpected global events that have a profound effect on society. Some are beneficial, like the invention of the printing press; and others are destructive, such as the subprime crisis in 2008. But they have all altered the course of history.
In recent years, we have bore witness to a surge of black swan events, and they continue to emerge in real time. They have affected every facet of our l
In the era of digitization and ever-changing business needs, the production environment has becomes more attractive. Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization's assets, or in other words, the external attack surface. This dramatically increases the need to define an exposure management strategy.
To keep up with business needs while effectively assessing and managing cybersecurity risk, there are two primary elements that
Poor results reflect that (87%) of US defense contractors are failing to meet basic cybersecurity regulation requirements, according to research commissioned by CyberSheath. The survey of 300 US-based Department of Defense (DoD) contractors found that just 13% of respondents have a Supplier Risk Performance System (SPRS) score of 70 or above. Under the Defense Federal Acquisition Regulation Supplement (DFARS), a score of 110 is required for full compliance. So, a school grade of “C”, a score of
New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge. The two unpatched issues, tracked under the identifiers CVE-2021-39276 (CVSS score: 5.3) and CVE-2021-39277 (CVSS score: 5.7), were discovered and reported by cybersecurity firm Rapid7 in May 2021 with a 60-day deadline to fix the
A password, sometimes called a passcode, is secret data and is typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but due to the large number of password-protected services that a typical individual accesses, this can make memorization of unique passwords for each service (nearly) impractical.
Using the terminology of the US-based NIST Digital Identity Guidelines, the secret is held by a party called the claimant