Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In
India's computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within...
2022 Security Priorities: Staffing and Remote Work
A comprehensive security strategy balances technology, processes, and people — and hiring and retaining security personnel and securing the remote workforce are firmly people priorities....
Good News! IAM Is Near-Universal With SaaS
The less-good news: IAM only works for applications your IT department knows about, so watch for "shadow IT" programs installed or written by users that leave a security gap....
Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack
QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure....
Cloudflare Flags Largest HTTPS DDoS Attack It's Ever Recorded
This scale of this month's encrypted DDoS attack over HTTPS suggests a well-resourced operation, analysts say....
TA410 under the microscope – Week in security with Tony Anscombe
Here's what you should know about FlowingFrog, LookingFrog and JollyFrog – the three teams making up the TA410 espionage umbrella group The post TA410 under the microscope – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Take a Diversified Approach to Encryption
Encryption will break, so it's important to mix and layer different encryption methods....
Microsoft Documents Over 200 Cyberattacks by Russia Against Ukraine
At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds...
Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers
Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. "By...
Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild
Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Based on...