What NYDFS Rules Mean for Businesses (in and outside of NY)
Starting this month, finance companies operating in New York must implement a variety of protections against unauthorized access to IT systems.
-
-
Attackers Ramp Up Efforts Targeting Developer Secrets
Software teams need to follow security best practices to eliminate the leak of secrets, as threat actors increase their scanning for configuration and repository files.
-
Attackers Ramp Up Efforts Targeting Developer Secrets
Software teams need to follow security best practices to eliminate the leak of secrets, as threat actors increase their scanning for configuration and repository files.
-
Despite Arrests, Scattered Spider Continues High-Profile Hacking
While law enforcement has identified and arrested several alleged members, the notorious threat group continues to wreak havoc.
-
Despite Arrests, Scattered Spider Continues High-Profile Hacking
While law enforcement has identified and arrested several alleged members, the notorious threat group continues to wreak havoc.
-
Cut CISA and Everyone Pays for It
Gutting CISA won’t just lose us a partner. It will lose us momentum. And in this game, that’s when things break.
-
TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China
Ireland’s Data Protection Commission (DPC) on Tuesday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users’ data to China. “TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements,” the DPC said in…
-
How to Automate CVE and Vulnerability Advisory Response with Tines
Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community – all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow that automates monitoring for security advisories from CISA and other vendors, enriches…
-
MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks
The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver. “MintsLoader operates through a multi-stage infection chain involving obfuscated JavaScript and PowerShell scripts,” Recorded Future’s Insikt Group said in a report shared with The Hacker News. “The malware employs sandbox and virtual machine evasion techniques, a domain
-
Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support
A year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change that pushes individuals signing up for new accounts to use the phishing-resistant authentication method by default. “Brand new Microsoft accounts will now be ‘passwordless by default,’” Microsoft’s Joy Chik and Vasu Jakkal said. “New users will have…