Recent Security News
-
Securely Moving Financial Services to the Cloud
October 11, 2023 at 11:55AM Moving financial services to the cloud requires careful consideration of security, compliance, and governance. It is important to establish secure use of the cloud and comply with regulations. Cloud governance, including three lines of governance, is crucial. Implementing infrastructure, application, and data pipelines, as well as change management and monitoring,…
-
Data Thieves Test-Drive Unique Certificate Abuse Tactic
October 11, 2023 at 11:41AM Attackers are using a new method of certificate abuse to spread info-stealing malware, including stealing cryptocurrency from Windows systems. The campaign involves search engine optimization poisoning to deliver malicious pages promoting illegal software downloads. The malware uses special certificates with long strings of non-English characters, making them difficult to detect.…
-
Windows 11 21H2 and Windows Server 2012 reach end of support
October 11, 2023 at 11:32AM Microsoft has officially ended support for Windows Server 2012 and Windows 11, version 21H2. This means that these operating systems will no longer receive security updates, bug fixes, or technical support. Microsoft advises users to upgrade to newer versions or obtain Extended Security Updates (ESUs) to continue receiving essential updates.…
-
CISOs’ salary growth slows – with pay gap widening
October 11, 2023 at 10:43AM According to a survey of 600 US-based CISOs, the pay gap between top-earning and bottom-earning CISOs is widening, with the highest-paid executives seeing their salaries increase at three times the rate of those in lower positions. The majority of CISOs earn either below $400,000 or above $700,000 annually. Overall, CISO…
-
Microsoft: State hackers exploiting Confluence zero-day since September
October 11, 2023 at 10:35AM A Chinese-backed threat group, known as Storm-0062 or DarkShadow, has been exploiting a zero-day vulnerability in Atlassian Confluence Data Center and Server since September 2023. Microsoft has shared more information about the group’s involvement and identified four offending IP addresses. The vulnerability allows the group to create arbitrary administrator accounts.…