Attackers broke into the Twitch house and cleaned out everything. Following least-privilege access principles will help others avoid that scenario.
Stories by Christopher Burgess
Device / machine identity, especially in association with robotic process automation, can be a conduit for intentional and unintentional insider breaches.
The ransomware keys might have been acquired by an ally, which would invoke the third-party doctrine where the decision to release was not the FBI's alone.
With internet blocks and high-profile arrests, Russia shows it can crack down on cybercrime when properly motivated.
Nearly every employee leaving a company takes data or intellectual property, but few companies adequately screen and monitor for it. Recent court cases underscore the risk.
Although the company informed its OEM customers of the vulnerability, users of IoT devices running its QNX OS were potentially kept in the dark.
Employee use of unauthorised apps have resulted in high-profile data losses. CISOs need to understand why shadow IT exists before addressing it.
Cybersecurity and Infrastructure Security Agency alert details past network compromises and exposes a lack of preparedness among ICS companies.
CISOs should leverage this guidance to help get the resources they need to make these attacks too costly for nation-state threat actors and criminals.
Sensitive company and personal data often leaves organisations on disposed devices. Data may be at risk when equipment is recycled.
DarkSide attack on Colonial is yet another wake-up call for companies to harden systems but history suggests that might not happen.
Microsoft's apparent misconfiguration of its own cloud bucket exposed third-party intellectual property. Here are the takeaways for CISOs.
The trial of Xiaorong You has now started, a research engineer used basic exfiltration techniques to steal trade secrets from Coca-Cola.