Cybersecurity - The Stack

Change Healthcare

Single ransomware attack has $2.45 billion impact -- with "direct response" costs hitting $776 million

One Citrix appliance with no MFA = $2 billion in damages.

operational technology

Scottish electricity firm plans £150m OT security spend

New requirements for utilities on cybersecurity under an “enhanced” Cyber Assessment Framework (e-CAF) is driving significant spend and the energy sector is...

A CPSO helps the board shine a light into the sometimes murky world of product security

Cybersecurity

Should more companies hire Chief Product Security Officers?

“Many organisations have teams working in silos, so security doesn’t have the chance to review and advise the product team before it is too late."

vulnerabilities

Fake OpenSSH "exploit" is a real exploit. Just not the one you thought.

Cisco says 42 products confirmed exposed to CVE-2024-6387 -- but OpenSSH exploit is malicious: Beware bogus POCs says Kaspersky

Cobalt Strike

Cobalt Strike takedown likely to make Sliver even more popular

Brute Ratel, Sliver and other alternatives are less well-known and mature than Cobalt Strike but increasingly adopted.

BT's Dave Harcourt speaks at Zscaler's conference in The Hague

"Our infrastructure is not designed for it": BT security leader reveals the challenges of deploying zero trust

How do you protect legacy technology from the threats of tomorrow? Security chief at world's oldest telecoms firm shares rare insights into its move towards a post-trust world

OpenSSH

Pre-auth RCE to root in OpenSSH server: 700,000 instances exposed

RHEL 9 affected, Debian, Ubuntu, SUSE push fixes

crowdstrike

CrowdStrike bug maxes out 100% of CPU, requires Windows reboots

"Note: This is 100% of a single core. In an 8-core system for example, an additional 12.5% of unexpected total CPU load would be experienced..."

Cybersecurity

Feds to CIOs: Actively ask your vendors if they’ve done a SQLi audit...

Fix up, look sharp: Uncle Sam is running out of patience with tech firms shipping insecure software. Vendors? Get familiar with the phrase "query parameterization"...

Cybersecurity

CISA breach: Hackers gained access to chemical sector's vulnerability assessments

Cybersecurity agency's cybersecurity appliance breached (yes, everything is broken) but no exfiltration seen says CISA

See all

Single ransomware attack has $2.45 billion impact -- with "direct response" costs hitting $776 million

Scottish electricity firm plans £150m OT security spend

Should more companies hire Chief Product Security Officers?

Fake OpenSSH "exploit" is a real exploit. Just not the one you thought.

Cobalt Strike takedown likely to make Sliver even more popular

"Our infrastructure is not designed for it": BT security leader reveals the challenges of deploying zero trust

Pre-auth RCE to root in OpenSSH server: 700,000 instances exposed

Federal Reserve passed Treasury Secretary's details to Russians after social engineering incident

CrowdStrike bug maxes out 100% of CPU, requires Windows reboots

Feds to CIOs: Actively ask your vendors if they’ve done a SQLi audit...

CISA breach: Hackers gained access to chemical sector's vulnerability assessments

EU Cloud Certification Scheme could be "discriminatory" to Amazon, Google and Microsoft