Search Results: solarwinds

Notorious Russian Hacking Group Has A New Trick to Maintain Persistence

Microsoft says the same threat actors that compromised SolarWinds Orion are leveraging AD FS to maintain access.

August 30, 2022 Zachary Comeau Leave a Comment

Microsoft says it has uncovered a tactic used by Russia-aligned threat actors that is used to maintain persistence access to compromised environments after leveraging an Active Directory Federation Services (AD FS) server. In a lengthy blog post, Microsoft details how NOBELIUM—the codename attached to the same threat group that leveraged the SolarWinds Orion platform and […]

How to Implement a Third-Party Cyber Risk Management Program

CyberGRX explains the importance of implementing a TPCRM program and how your organization can get started, particularly when working with a hybrid workforce.

August 24, 2022 Sarah Frazier Leave a Comment

The COVID-19 pandemic introduced swift digital changes that created further security vulnerabilities for a hybrid workforce. Due to the distributed nature of modern work environments, businesses must be on the lookout for ways that cybercriminals can expose new vulnerabilities. In today’s economy, the need to construct a third-party cyber risk management program  (TPCRM) program for […]

My TechDecisions Episode 170: Protecting Against Supply Chain Attacks

Vijay Viswanathan of Open Systems joins the podcast to talk about creating a cybersecurity model that protects against supply chain attacks.

August 18, 2022 Zachary Comeau Leave a Comment

Vijay Viswanathan of Open Systems joins the podcast to talk about creating a cybersecurity model that protects against supply chain attacks.

This Week in IT: macOS Bug, New Google Cloud Offerings, Phishing Attacks, Autopatch, and More

Security research, threat trends and the general availability of Microsoft's AutoPatch highlight this week's IT news.

July 14, 2022 Zachary Comeau Leave a Comment

Editor’s note: There is a lot going on in the world of IT, from emerging technologies to digital transformation and new cybersecurity threats. However, we can’t possibly cover it all, so we’ll bring you this curated summary of IT and enterprise technology stories each week. Microsoft Discovers macOS App Sandbox escape bug Microsoft says it […]

My TechDecisions Episode 164: Current and Future Cybersecurity Threats

John Fokker, principal engineer & head of cyber investigations at Trellix, joins the podcast to talk about attack trends on the front lines.

June 23, 2022 Zachary Comeau Leave a Comment

John Fokker, principal engineer & head of cyber investigations at Trellix, joins the podcast to talk about attack trends on the front lines.

MITRE’s New “System of Trust” Protects Vulnerable Supply Chains

June 6, 2022 TechDecisions Staff Leave a Comment

SAN FRANCISCO–(BUSINESS WIRE)–Tomorrow at the RSA 2022 Conference, MITRE will unveil its new “System of Trust,” a framework to provide a comprehensive, community-driven, knowledge base of supply chain security risks and a customizable, security-risk assessment process for use by any organization within the supply chain ecosystem. For the first time, there’s a free and open […]

Static SBOMs vs Dynamic SBOMs

While more organizations recognize that they need an SBOM, dynamic SBOMS are far superior than static ones.

June 6, 2022 Liran Tancman Leave a Comment

Since the federal government mandate calling for the creation of a software bill of materials (SBOM) to avoid the next SolarWinds or Log4j exposures, software providers have been scrambling to figure out how to create SBOMs that are both effective and dynamic, given that software changes over time. Bills of material have long been standard […]

Verizon Report Suggests Ransomware Is Getting Worse

Ransomware is up 13%, a larger rise than the past five years combined, according to Verizon's Data Breach Investigations Report.

May 25, 2022 Zachary Comeau Leave a Comment

Despite a global focus on cybersecurity, increased pressure from law enforcement on cybercrime groups and a software industry that continues to rapidly innovate to solve security issues, ransomware continues its upward trajectory, rising as much in one year as it has over the past five years combined, according to Verizon’s 2022 Data Breach Investigations Report. […]

How the IT Industry is Securing Open-Source Software

The IT industry and the U.S. government have outlined a 10-step plan to secure open-source software and the IT supply chain.

May 16, 2022 Zachary Comeau Leave a Comment

The IT industry and the U.S. government have outlined a 10-step plan to ensure the security of open-source software and the IT supply chain after a series of supply chain attacks and open-source software vulnerabilities were discovered in recent years. The plan is designed to secure the production of open-source software, improve vulnerability discovery and […]

A NASA-Style Approach to Preventing Supply Chain Attacks in 2022

Enterprises involved in the global supply chain, even tangentially, have become highly susceptible to cyberattacks.

May 2, 2022 Vijay Viswanathan Leave a Comment

Enterprises involved in the global supply chain, even tangentially, have become highly susceptible to cyberattacks. This is because infiltrating a third-party software provider gives bad actors an avenue to target and access thousands of downstream customers. One of the biggest recent supply chain attacks was on IT management software provider SolarWinds, which saw hackers insert […]