


Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover-Up
Sullivan was arrested and charged with two felonies: obstruction of justice and misprision. During his tenure as Chief Security Officer (CSO) at Uber (April 2015–November 2017), the firm suffered a data breach in which over 50 million customers and drivers’...
Windows Mark of the Web Zero-Days Remain Patchless
Microsoft’s Mark of the Web (MOTW) is a security feature that prevents malicious files and attachments from being downloaded or opened. However, two independent vulnerabilities exist in various versions of Windows that allow attackers to bypass this protection....
Are You Ready for the New ISO 27001:2022?
This year has seen the first significant update to ISO 27002 since 2013. These modifications are reflected in Annex A’s security controls for organizations with ISO 27001 certification. ISO 27001 is a standard for ISMS (information security management systems) that...
SOC 2 Compliance 101: All You Need to Know
Protecting consumers’ personal information is crucial for modern businesses. SOC 2 is the industry standard for handling this significant responsibility to ensure...
Effects of Cloud Complexities on Cybersecurity
Venafi, a company that makes artificial ID solutions, recently conducted a study to learn more about the effects of cloud complexities on cybersecurity. According to a poll conducted by Venafi among 1,101 security decision-makers (SDMs) at enterprises with over 1,000...
VMware ESXi Hypervisors Vulnerable to a New and Deadly Attack Method
According to the security firm, a threat actor headquartered in China utilized tainted vSphere Installation Bundles to plant multiple backdoors in targeted computers. VMware published urgent new mitigation measures and advice for customers of its vSphere virtualized...
Capital One Phishing Attack Displays a Growing Trend in Bank-Brand Targeting
Phishers keep an eye on the news and use this knowledge to their advantage, as evidenced by the Capital One lures, which took advantage of the bank’s recently formed collaboration with Authentify. Capital One’s recent cooperation with Authentify has been...
US Government Issues Guidance for Software Developers to Secure Software Supply Chain
Enhancing the security of the software supply chain is just as important as ensuring that...
Student Loan Breach Exposes 2.5 Million Records
The Oklahoma Student Loan Authority (OSLA) and EdFinancial recently announced that over 2.5 million loanees were the victims of a severe data breach that has compromised their personal information. The target of the attack was a Lincoln, Nebraska-based web portal and...
Microsoft Cloud Providers Move to Ban Basic Authentication
Flaws in the authentication process mean compromised security for businesses that contract with major cloud providers for services, data storage, and protection. One of the most significant weaknesses in their armor occurs when customers are allowed to enter usernames...