Cloud SecurityAttackers evade detection by leveraging Microsoft Graph APISteve ZurierMay 3, 2024Microsoft Graph API has become popular with hackers because running criminal ops on widely used cloud services raises less suspicion.
Cloud SecurityAttackers steal API keys, OAuth tokens, in Dropbox Sign breachSteve ZurierMay 2, 2024Security pros see the Dropbox Sign breach as not just a blow to Dropbox, but a really bad day for electronic signatures.
RansomwareSenators grill UnitedHealth CEO on Change Healthcare cyberattackSteve ZurierMay 1, 2024Andrew Witty stuck with the familiar corporate line of providing consumers with two years of credit monitoring.
Network SecurityChange Healthcare incident caused by compromised Citrix credentialsSteve ZurierApril 30, 2024UnitedHealth Group’s CEO Andrew Witty set to testify before Congress tomorrow – security pros say there’s more to the story and it will take several more months of investigation before we know the full kill chain.
Cloud SecurityChrome users report broken connections after Chrome 124 releaseSteve ZurierApril 29, 2024Security pros say these connection issues will recede over time as enterprises adjust and more quantum-resistant encryption is released.
IdentityKaiser Permanente notifies 13.4M patients of potential data exposureSteve ZurierApril 26, 2024Patient data may have been transferred via apps to third-party vendors like Google, Microsoft and X.
Application securityAfter a 19-month saga, Broadcom finally patches Brocade SANnav bugsSteve ZurierApril 25, 2024Security pros say given the complexity of SAN management tools, it’s understandable the patches took so long.
Vulnerability ManagementGoogle patches critical type-confusion flaw in Chrome browserSteve ZurierApril 24, 2024Security pros say there’s a high potential that attackers could launch arbitrary code execution.
RansomwareA ‘substantial proportion’ of Americans exposed in Change Healthcare cyberattackSteve ZurierApril 23, 2024Change Healthcare owner UnitedHealth Group acknowledges some customer protected health information leaked on dark web.
Network SecurityMITRE research and prototyping network breached via Ivanti zero-daysSteve ZurierApril 22, 2024Security pros say while the target was an unclassified network, the research it manages on emerging technologies could be of interest to adversaries.