Several months ago, Netskope Threat Labs uncovered a surge in PDF phishing attachments infiltrating Microsoft Live Outlook. These attacks were part of a larger series of phishing campaigns aimed to trick unsuspecting users. Upon closer examination, it's now apparent that the majority of these campaigns centered around Amazon-themed scams, with occasional diversions into Apple and IRS-themed phishing attempts.

It’s not unlikely that your team has a sufficient amount of vulnerability data that they must assess, prioritize, and remediate. Whether that’s a newly discovered vulnerability, an expired SSL certificate, or even a security policy breach – security teams need to get all this data into one place. For AppSec and ProdSec teams to be successful, they need to know which of their assets are exposed and vulnerable so they can take action to enable faster remediation.

On October 26, 2023, F5 released security hotfixes for a critical unauthenticated RCE vulnerability (CVE-2023-46747) in BIG-IP’s Traffic Management User Interface (TMUI). If successfully exploited a threat actor with network access to the vulnerable system could bypass the configuration utility authentication and execute arbitrary system commands. CVE-2023-46747 is exploitable if the Traffic Management User Interface is exposed to the Internet.

Whether you’re in the market for a new password manager or looking to try a password management platform for the first time, you’ve likely come across both 1Password and Dashlane in your research.

A SOC analyst role is equal parts fulfilling and overwhelming. On one hand, the landscape is dynamic and the work is critical to protecting organizations. On the other, the weight of continual responsibility can lead to stress, anxiety, and cybersecurity burnout. Understanding the importance of your mental health is crucial to maintaining productivity and preventing cybersecurity burnout.

Three security issues were reported on October 27th by the Kubernetes security community, all of them related to the popular NGINX ingress component.

Ekran System is partnering with Hideez to enhance the authentication process and improve user experience. As an alternative to two-factor authentication, our customers can now use a straightforward passwordless authentication method developed by Hideez. Thanks to this integration, you can streamline and consolidate logins for local desktops, remote desktop connections, virtual environments, and cloud infrastructures, while boosting your team’s efficiency and satisfaction.

If software is an important part of your business and you need to comply with license terms and protect against security vulnerabilities, you need to know and track what is inside your software. Lists of software components and dependencies are typically referred to as Software Bills of Materials (SBOMs).

Despite increasing cybersecurity awareness across the industry, Life Sciences firms continue to experience significant cyberattack volume. In fact, published reports indicate that average Life Sciences data breach now costs more than $5 million, while Life Sciences and Healthcare organizations perennially top the annual list of data breach costs by industry.

Artificial intelligence (AI) is the hot topic of the moment, so we asked Tanium Executive Advisory Board member Larry Godec for his thoughts on generative AI in general and its more well-known applications, such as ChatGPT. Larry is the former CIO of First American Financial and a trusted advisor on AI topics to some of the world’s largest enterprises.