For individuals

Honored by SC Media, Ashley Jess shares her journey from FBI analyst to Intel 471 leader, tackling cyber threats and inspiring women in IT security.

Threat actors behind the intrusions initially compromised internet-exposed apps and database servers with SQL injection before proceeding with PHPsert webshell distribution, reconnaissance, credential compromise, lateral movement, and custom Mimikatz injection for pass-the-hash intrusions, according to a joint report from SentinelOne SentinelLabs and Tinextra Cyber.

High-profile security incidents provide examples of how common vulnerabilities can be exploited. If you pay attention, you can learn from others' mistakes.

Chinese cybersecurity firm Sichuan Silence has been sanctioned by the U.S. Treasury Department for its role in the widespread exploitation of the Sophos XG firewall zero-day SQL injection flaw, tracked as CVE-2020-12271, to compromise critical infrastructure entities in the U.S. and other parts of the world with the Ragnarok ransomware in 2020.

Hackers are constantly evolving, and so too should our security protocols.

ICIT says the key to resilience is in the four Rs: resourcing, recovery, rehearsals, and response -- all essential to mitigate the risks posed by digital consolidation and ensure the security of critical infrastructure.

China appears to be merging its government and malware operations to create a new surveillance platform for Android devices.

Tying GRC activities to real-world financial outcomes allows risk professionals to bridge the communications gap with business leaders.

Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications.