Author: Asad Yaseen

Picture this: a young person is in a dark room. The only thing visible is their figure, as it is just barely lit by the blinding LEDs of their computer screen. They type furiously on an ergonomic keyboard as thousands of lines of neon green monospace text fly across the screen. Click-clack-click-clack-click-clack. The moving text and the flying fingers come to a halt, and the computer emits a positive sounding “ding!” Out from underneath a…

90% of U.S. infosec survey respondents said their workforce shifted to working from home in 2020, yet only 29% trained users on safe remote working habits Proofpoint, Inc. (NASDAQ: PFPT), a leading cybersecurity and compliance company, today released its seventh annual State of the Phish report, which explores enterprise phishing experiences and provides an in-depth look at user awareness, vulnerability, and resilience. More than 75% of surveyed infosec professionals said their organizations faced broad-based phishing attacks—both…

Data loss is the number one result of a fruitful phishing campaign, but account compromises and ransomware attacks can threaten your organization as well, says Proofpoint. Image: iStock/OrnRin Phishing attacks seem like a relatively simple tactic on the part of cybercriminals. Set up a phishing webpage, create your phishing email, send the email to targeted recipients, and then wait for those stolen account credentials and other compromised information to come your way. On the receiving…

By Ankur Singla, Founder and CEO of Volterra Organizations of all sizes are adopting cloud-native application design and deployment practices as they continue to digitally transform business processes. This includes the extensive use of microservices and APIs, as well as distributing clusters across multiple cloud providers. Unfortunately, a recent survey by Propeller Insights found that while most organizations today are using cloud-native apps, Kubernetes and microservices, they struggle to secure and connect the complex environments…

It’s Time to Have “The Talk” About the Internet: 7 Conversation-Starters for Staying Much Safer Online With Safer Internet Day upon us, it’s time to have “The Talk.” The internet talk, that is. What’s the internet talk? It’s a candid conversation about how safe we’re really being when we go online, as opposed to how safe we think we’re being. Indeed, there can be a sizable gap between the two, and our 2021 Consumer Security…

Following reports of in-the-wild exploitation, Google released a patch for the third browser-based zero-day vulnerability of 2021. Background On February 4, Google published a stable channel update for Chrome for Desktop. This release contained a single security fix to address a critical zero-day vulnerability that had been exploited in the wild. Analysis CVE-2021-21148 is a heap buffer overflow vulnerability in V8, Google Chrome’s open-source JavaScript and WebAssembly engine. Its discovery is credited to Mattias Buelens, who…

1. Attackers have a plan, with clear objectives and outcomes in mind. Do you have one? Clearly this was a motivated and patient adversary. They spent many months in the planning and execution of an attack that was not incredibly sophisticated in its tactics, but rather used multiple semi-novel attack methods combined with persistent, stealthy and well-orchestrated processes. In a world where we always need to find ways to stay even one step ahead of…

Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout. ApoevAndrey, Getty Images/iStockphoto Cybercriminals who hire themselves out for DDoS (Distributed Denial of Service) campaigns are beefing up their attacks by abusing a popular media library tool. In an alert published Wednesday, network monitoring firm Netscout warned of an exploit against Plex Media Server, a media library and streaming system that…