SC Media

@SCMagazine

The official Twitter feed for all things IT security. A CyberRisk Alliance Resource.

NYC

Joined November 2008

2KFollowing

120KFollowers

Pinned

SC Media@SCMagazine · Jul 24

In addition to two China-linked threat actors exploiting government agencies via SharePoint zero-days, a third China-backed group deployed Warlock #ransomware on SharePoint servers, @Microsoft reported. #cybersecurity #infosec #ITsecurity bit.ly/3IJ8g6C

SCMagazine's tweet card. More than 400 organizations were compromised in at least four confirmed attack waves.

3.0K

SC Media@SCMagazine · 1 h

President Donald Trump unveiled his AI Action Plan, which focuses on reducing #AI regulations and bolstering innovation while strengthening defenses against AI-related risk. #cybersecurity #infosec #ITsecurity bit.ly/4kW7q3Q

SCMagazine's tweet card. Cyber experts praised the plan’s national defense focus while raising implementation concerns.

329

SC Media@SCMagazine · 3 h

.@Cisco confirmed the attempted exploitation of max severity flaws in its Identity Services Engine (ISE) and ISE Passive Identity Connector. #cybersecurity #infosec #ITsecurity bit.ly/413K9ps

SCMagazine's tweet card. Three separate flaws could each enable unauthenticated RCE with root privileges.

484

SC Media@SCMagazine · 5 h

A report from @entrosecurity found that non-human identities (NHIs) continue to outpace human accounts, with the average growing in the past year from 92:1 to 144:1 – a 56% jump in just one year. #IAM #cybersecurity #infosec bit.ly/46wrkit

SCMagazine's tweet card. Despite the cause of major cyberattacks like SolarWinds, CodeCov, and CircleCI, teams still don’t prioritize NHIs.

462

SC Media@SCMagazine · 7 h

For #AI to get used responsibly and efficiently by the government, agencies will have to implement stronger and AI-specific data security, governance, and ethical frameworks across the board, says @AvePoint's Dana Simberkoff in this commentary. #infosec bit.ly/4lLHDwp

SCMagazine's tweet card. Here's three ways governments can deliver secure AI

559

SC Media@SCMagazine · 14 h

651

SC Media@SCMagazine · 16 h

Recovery is a mark of national maturity — an expression of foresight, design, and strategic clarity, says @InstituteCIT's Cory Simpson in this commentary. For the United States, recovery by design must become the foundation of modernization. #cybersecurity bit.ly/3Ud3h0F

SCMagazine's tweet card. Recovery — the ability to restore, adapt, and continue operations under pressure — remains undervalued.

679

SC Media@SCMagazine · 17 h

While vulnerability management traditionally has been concerned with patching flaws after they've been found, exposure management is proactive as well as reactive. #cybersecurity #infosec #ITsecurity bit.ly/45323dn

SCMagazine's tweet card. Traditional vulnerability management can't fix today's cloud misconfigurations, compromised accounts or shadow IT. That's where exposure management comes into play.

663

SC Media@SCMagazine · 17 h

No demographic preferred interacting with an #AI agent instead of a human customer-service agent in a customer identity trends report by @auth0. The ratio against using AI was more than 40-to-1 for Baby Boomers. #IAM #cybersecurity #infosec bit.ly/4m4V9Lc

SCMagazine's tweet card. Maintaining consumer trust while enforcing security standards is getting tougher -- and AI is complicating the situation.

567

SC Media@SCMagazine · 19 h

.@owasp, known for tracking critical web application vulnerabilities, ranks supply chain attacks among the Top 10 risks facing large language model (LLM) applications. #AI #cybersecurity #infosec #ITsecurity bit.ly/3Usxjxa

SCMagazine's tweet card. OWASP doesn’t just name supply chain attacks a top AI threat, it shows exactly how to stop them. This is the fix, straight from the source.

645

SC Media@SCMagazine · 20 h

It’s easy to dismiss hacktivism as a low-level, attention-seeking nuisance, says @radware's Pascal Geenens in this commentary. Please do not underestimate the hacktivists, Geenens says. #cybersecurity #infosec #ITsecurity bit.ly/4kW0ALO

SCMagazine's tweet card. Hacktivists are no longer the low-level nuisance that many people still think.

628

SC Media@SCMagazine · 20 h

“You can’t fix identity with a product,” said Dr. Dustin Sachs, chief technologist at @cyberleaders. “You fix it by aligning people, policies, and processes — and then choosing the tools to support that framework.” #cybersecurity #IAM #infosec #ITsecurity bit.ly/4mqmPe3

SCMagazine's tweet card. Spending on identity tools topped $22.9 billion last year, yet breaches tied to mismanaged access continue to rise. Security leaders say technology isn’t the issue, rather governance is.

550

SC Media@SCMagazine · 22 h

.@AWS' Amazon Q extension for Visual Studio Code reportedly contained a wiper-style prompt injection planted by a hacker. AWS responded to security researchers that “a potentially unapproved code modification was attempted” in the extension. #cybersecurity bit.ly/4o4ByfZ

SCMagazine's tweet card. AWS said it removed “unapproved code” affecting the extension and released an updated version.

629

SC Media@SCMagazine · 23 h

While news is spreading quicker than ever about unpatched vulnerabilities and zero-day attacks, organizations are not getting any better at installing emergency fixes, according to researchers at the @SANSInstitute. #cybersecurity #infosec #ITsecurity bit.ly/46TCGwQ

SCMagazine's tweet card. Administrators are taking their time with installing patches, even for known vulnerabilities.

552

SC Media@SCMagazine · 24 h

Autonomous decision-making and continuous learning are the two leading attributes that present significant opportunities from agentic #AI for lean security teams, says @stellarcyberai's Subo Guha in this commentary. #cybersecurity #infosec #ITsecurity bit.ly/4m3ODEB

SCMagazine's tweet card. Here’s four ways Agentic AI can deliver a supercharged SOC for cash-strapped security teams.

525

SC Media@SCMagazine · Jul 26

Attack path analysis – an important component of a continuous threat exposure management (CTEM) framework – can help security teams, says @XMCyber_'s Yaron Mazor in this commentary, offering five issues security teams should fix. #cybersecurity #IAM bit.ly/45lFaD5

SCMagazine's tweet card. Here’s how CTEM tools can complement a PAM.

481

SC Media@SCMagazine · Jul 26

A recent WordPress attack abused Google Tag Manager to redirect visitors to a spam page, @sucurisecurity researchers reported. #cybersecurity #infosec #ITsecurity bit.ly/44KLYKg

SCMagazine's tweet card. The fileless attack forcibly redirects visitors to a spam site using a hidden script.

509

SC Media@SCMagazine · Jul 26

The traditional model of network security has been disrupted by several key trends, said @PaloAltoNtwks' Prakash Rajamani in a recent SC Media webcast: the COVID-19 pandemic, widespread remote work, and rapid cloud adoption. #AI #cybersecurity #infosec bit.ly/470eIjE

SCMagazine's tweet card. In this webcast summary, Prakash Rajamani, VP of Product Management at Palo Alto Networks, and host Adrian Sanabria discuss how security leaders can reduce risk and complexity through end-to-end...

557

SC Media@SCMagazine · Jul 26

597

SC Media@SCMagazine · Jul 25

.@Cisco confirmed the attempted exploitation of max severity flaws in its Identity Services Engine (ISE) and ISE Passive Identity Connector. #cybersecurity #infosec #ITsecurity bit.ly/413K9ps

579

SC Media@SCMagazine · Jul 25

The U.S. National Nuclear Security Administration, Education Department, Florida’s Department of Revenue, and the Rhode Island General Assembly were among the organizations exploited by various reported SharePoint zero-day bugs. #cybersecurity #infosec bit.ly/44Kletl

SCMagazine's tweet card. Others targeted include the U.S. Education Department, Rhode Island General Assembly, and governments in Europe and the Middle East.

602