Security researchers say a slight modification to a Microsoft Exchange zero day attack used by Russian state hackers can bypass a patch the computing giant introduced in March. Microsoft patched the modified attack during this month's dump of fixes, rating the bug as "important" but not "critical."
Business email compromise, end-user education, forensic archiving and recovery can be confounding to SMBs that lack the resources for a traditional secure email gateway. The rise of cloud-based email offerings means that SMBs can now get the same level of email protection without using a gateway.
With signs pointing to a global economic downturn, cybersecurity organizations are already thinking about managing budgets and doing more than less. Four CISOs share a wide range of belt-tightening tips, from putting the squeeze on your vendors and suppliers to training and hiring from within.
Cyren plans to cease operations and pursue liquidation after the email security and threat detection vendor failed to sell assets or raise more capital. The company terminated the employment of all remaining workers, commenced a bankruptcy proceeding in Israel and told Nasdaq to delist the company.
Acquiring Area 1 Security has allowed Cloudflare to extend its network protection capabilities from DDoS attacks to phishing emails, says co-founder and CEO Matthew Prince. Area 1's technology means customers will enjoy a better rate of detection with fewer false positives than legacy offerings.
Permira's $5.8 billion acquisition of Mimecast has allowed the email security vendor to make product and technology investments that don't provide an immediate financial return. Several buyers expressed interest in taking Mimecast private, and CEO Peter Bauer is glad the firm ended up with Permira.
Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems. But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta.
Emails encrypted through Microsoft Office are vulnerable to attacks that can reveal the original content of messages due to shortcomings in the protocol, says WithSecure security researcher Harry Sintonen. Microsoft says it may finally abandon its use of the Electronic Code Book algorithm.
A phishing and fraud prevention vendor has bought a startup founded by Qualys' longtime engineering leader to help organizations more effectively discover and monitor assets. Red Sift says its purchase of Hardenize will help customers assess the security of their digital asset inventory.
Hackers, possibly Chinese, are exploiting Microsoft Exchange zero-day vulnerabilities to apparently implant backdoors and steal credentials. The computing giant says it doesn't yet have a patch, telling systems administrators to instead implement workarounds.
Why is business identity theft increasing, and what are the latest tactics fraudsters are using to scam businesses and gig workers? Eva Velasquez, CEO at the Identity Theft Resource Center, shares her views on how business identity theft has evolved over the years and how to prevent it.
Insurance market giant Lloyd's of London says that starting next year, its cyber insurance policies will no longer cover state-sponsored cyberattacks. But with attribution being inherently tricky, expect this move to be tested in court, says Jonathan Armstrong, a partner at Cordery law firm.
Four ISMG editors discuss how security leaders determine the right level of security for the business, the growing risk of business ID theft to enterprises, and the arrest of a developer suspected of working for cryptocurrency mixing service Tornado Cash, for "facilitating money laundering."
Attackers are attempting to reset the passwords of some DigitalOcean customers, the cloud infrastructure provider says. The email addresses of these customers were likely exposed in a data breach involving Mailchimp, which provided transactional email services for DigitalOcean.
Two recent data breach lawsuit settlements by healthcare organizations underscore mounting liability risk stemming from a growing number of lawsuits. Missouri-based BJC Healthcare has agreed to pay up to $2.7 million to settle while Indiana-based Methodist Hospitals is on the hook for $425,000.