Russian cyber spies target CSPs and resellers to abuse delegated access
A new Microsoft advisory claims Russia's Nobelium group is trying to gain long-term access to the technology supply chain and offers mitigation advice.
A new Microsoft advisory claims Russia's Nobelium group is trying to gain long-term access to the technology supply chain and offers mitigation advice.
Cyber criminals are investing in deepfake technology to make social engineering and authentication bypass campaigns more effective.
Microsoft has warned channel partners about fresh supply chain attack activity by the Russian nation-state actor known as Nobelium, laying out a number of steps IT providers can take to mitigate the threat.
New data highlighting fluctuations relating to ransomware attack and payment claims indicates significant shifts in the cyber threat landscape.
SSRF attacks consist of an attacker tricking the server into making an unauthorised request. Defending against them can be relatively easy.
Melbourne-based CyberCX has announced leadership changes to its New Zealand organisation as it merges with Auckland-based subsidiary Insomnia Security.
Researchers explain how they identified -- or failed to identify -- the threat actors behind three high-profile incidents and why attribution is so difficult.
One of the vulnerabilities patched by Microsoft has been exploited by a Chinese cyber-espionage group since at least August.
Attackers broke into the Twitch house and cleaned out everything. Following least-privilege access principles will help others avoid that scenario.
A study by InfoSec Institute indicates that there has been an exponential increase in cyber attacks globally in the last five years, especially in October.
Salesforce systems hold a lot of sensitive customer data. Businesses must not fall victim to one of these common sins, errors, and blindspots.
2021 has been a banner year for cyber criminals, they have taken advantage of COVID-19 to attack both technical and social vulnerabilities.
PwC Australia has strengthened its cyber security capabilities after striking a deal to acquire local information security and risk management provider WebSecure Technologies.
Device / machine identity, especially in association with robotic process automation, can be a conduit for intentional and unintentional insider breaches.
Studies show that CSO readers are most likely to know that endpoint protection is the modern iteration of the anti-virus tools of previous generations.