The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced the addition of new tools and guidance to the Infrastructure Resilience Planning Framework (IRPF).
CISA Updates Infrastructure Resilience Planning Framework
Palo Alto to Acquire Israeli Software Supply Chain Startup
Cybersecurity powerhouse Palo Alto Networks on Thursday announced plans to spend $195 million in cash to acquire Israeli startup Cider Security, a deal that adds software supply chain security capabilities to its Prisma Cloud platform.
US Gov Warning: Start Hunting for Iranian APTs That Exploited Log4j
The U.S. government on Wednesday issued a blunt recommendation for organizations running VMWare Horizon servers: Initiate threat-hunting activities to find and expel Iranian APT actors that used the Log4j crisis to slip undetected into corporate networks.
Akeyless Raises $65 Million for Secrets Management Tech
Israeli early-stage startup Akeyless has banked a whopping $65 million in venture capital funding to build technology to help businesses manage credentials, certificates, keys and other secrets flowing through multi-cloud environments.
Threat Hunting Summit Virtual Event NOW LIVE
SecurityWeek’s 2022 Threat Hunting Summit is now LIVE! (View agenda)
Over 12,000 Cyber Incidents at DoD Since 2015, But Incident Management Still Lacking
The US Government Accountability Office (GAO) this week has published a report detailing issues identified in the Department of Defense’s (DoD) cyber incident management processes.
Balancing Security Automation and the Human Element
There are two recurring themes in security that we continue to discuss, debate and, quite frankly, struggle with—automation and the talent gap.
Microsoft Scrambles to Thwart New Zero-Day Attacks
The zero-day attacks against Microsoft’s software products are showing no signs of slowing down.
US States Announce $16M Settlement With Experian, T-Mobile Over Data Breaches
Authorities in 40 US states have reached a settlement totaling more than $16 million with Experian and T-Mobile over data breaches suffered by the companies in 2012 and 2015.
Offense Gets the Glory, but Defense Wins the Game
When it comes to cybercriminals, defense evasion remains the top tactic globally. In fact, it was the most employed tactic by malware developers in the past six months – and they’re often using system binary proxy execution to do so. Hiding malicious intentions is one of the most important actions for adversaries. Therefore, they are attempting to evade defenses by masking malicious intention and attempting to hide commands using a legitimate certificate.
