Search Results: mandiant

Mandiant Adds Attack Surface Management to its SaaS Portfolio with the Acquisition of Intrigue

August 10, 2021 TechDecisions Staff Leave a Comment

Intrigue to be integrated into the Mandiant Advantage platform, enabling organizations to discover, monitor, and manage risk across their entire attack surface MILPITAS, Calif.–(BUSINESS WIRE)–$FEYE #cybersecurity–Mandiant, a part of FireEye, Inc. (NASDAQ: FEYE), today announced the acquisition of Intrigue, a leader in the emerging attack surface management market. Intrigue’s attack surface management technology will be […]

Progress Software Urges Further Action to Prevent MOVEit Exploitation

Defending against exploitation of MOVEit vulnerabilities gets more complicated as Progress Software issues another patch.

June 16, 2023 Zachary Comeau Leave a Comment

The MOVEit Transfer story continues to plague IT departments and security professionals as Progress Software has issued another advisory, urging organizations to apply yet another patch to address a privilege escalation flaw in its Transfer product. The company’s update comes amid reports of widespread exploitation, including several at several U.S. agencies that were breached as […]

Barracuda: Replace Compromised ESG Appliances Immediately

Barracuda Networks is urging organizations with Email Security Gateway appliances impacted by a remote command injection bug to replace them.

June 12, 2023 Zachary Comeau Leave a Comment

[Editor’s Note: This article has been updated to reflect Barracuda Networks’ official statement.] Barracuda Networks is urging organizations with Email Security Gateway appliances impacted by a remote command injection bug in the devices to replace them, even if they were patched. The company’s recommendation comes after Barracuda was first alerted to anomalous traffic coming from […]

Google Launches New Cybersecurity Certificate Program

The Cybersecurity Certificate is a new addition to the Google Career Certificate program designed to help job seekers upskill and transition to tech.

May 4, 2023 Zachary Comeau Leave a Comment

In a bid to help expand the cybersecurity workforce and fill the skills gap, Google is launching a new Cybersecurity Certificate as a new addition to the Google Career Certificate program designed to help job seekers transition to the technology industry. According to Google, the Cybersecurity Certificate is designed and taught by the company’s cybersecurity […]

Google at RSA: AI, LLMs Meet Security with Security AI Workbench

Google is enhancing its security tools with Google Cloud Security AI Workbench, an extensible platform powered by a specialized security LLM.

April 27, 2023 Zachary Comeau Leave a Comment

Google is beefing up its security offerings by integrating new generative AI tools and large language models (LLMs) into its security product suite, including a new Google Cloud Security AI Workbench designed to address threat overload, tooling issues and talent shortages. According to the company, which announced the news during the annual RSA Conference, Google […]

CIS, Google Partner to Help Secure Public Sector

The CIS & Google Cloud Alliance is designed to help advance security and resilience for tech, with an emphasis on the public sector.

April 24, 2023 Zachary Comeau Leave a Comment

The Center for Internet Security and Google are partnering to create the CIS & Google Cloud Alliance to help advance security and resilience for the broader technology ecosystem, with an emphasis on the public sector. According to the organizations, the alliance will combine the companies’ experience to offer greater security to public sector entities. The […]

‘Cascading Supply Chain Compromise’ Led to 3CX Compromise

The malicious activity that led to the supply chain attacks leveraging the 3CX desktop app was actually another supply chain compromise.

April 20, 2023 Zachary Comeau Leave a Comment

The compromise that led to the supply chain attack leveraging the 3CX desktop app was actually another supply chain compromise, according to cybersecurity forensics firm Mandiant. The Google-owned company published a blog detailing the supply chain compromise that affected the 3CX desktop app, which was allegedly perpetrated by a North Korean entity. However, the 3CX […]

April 2023 Patch Tuesday: CLFS Under Active Attack Again; 10-Year-Old Bug Reissued

IT administrators have a busy month with Microsoft alone releasing patches for 100 vulnerabilities, including one under active attack.

April 11, 2023 Zachary Comeau Leave a Comment

IT administrators in Microsoft environments have about 100 patches to apply for the April 2023 Patch Tuesday release, including one in Windows Common Log File System Driver that is being actively exploited and another one from 2013 that is being reissued. The company released patches to fix 97 vulnerabilities in its products, which was in […]

3CX Compromised in Supply Chain Attack

A flaw in the desktop app from VoIP provider 3CX is being exploited in supply chain attacks, leading to possible hands-on-keyboard activity.

March 31, 2023 Zachary Comeau Leave a Comment

Cybersecurity researchers say a vulnerability in the desktop app from VoIP provider 3CX is being actively exploited in supply chain attacks, leading to possible hands-on-keyboard activity by advanced threat actors, including nation-state actors. According to researchers, malicious activity was observed coming from a legitimate signed binary, 3CXDesktopApp — a softphone application from 3CX. Cybersecurity firm […]

LastPass Hack: Attacker Accessed DevOps Engineer’s Home Computer to Steal Decrpytion Keys

LastPass reveals new information on its ongoing investigation into a security incident, including how a developer's home computer was hacked.

February 28, 2023 Zachary Comeau Leave a Comment

[Editor’s note: This article has been updated to reflect the company’s official statement on the new updates.] The same threat actor that accessed portions of the LastPass development environment and source code that has forced the company since August 2022 to provide updates as new information is revealed, apparently accessed a shared cloud-storage environment obtained […]