Hackers Dump Australian Health Data Online, Declare Case Closed

One Year Later: Log4Shell Remediation Slow, Painful Slog

Investors Bet $31 Million on Sphere for Identity Hygiene Tech

Google Links Exploitation Frameworks to Spanish Spyware Vendor Variston

Chrome 108 Patches High-Severity Memory Safety Bugs

Delta Electronics Patches Serious Flaws in Industrial Networking Devices

Delta Electronics has patched command injection vulnerabilities in two of its industrial networking products.[Read More]

Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework

A critical vulnerability in the Quarkus Java framework can be exploited to achieve remote code execution via drive-by localhost attacks.[Read More]

Self-Replicating Malware Used by Chinese Cyberspies Spreads via USB Drives

A China-linked cyberespionage group has been observed using self-replicating malware on USB drives to infect targets.[Read More]

OT:Icefall Continues With Vulnerabilities in Festo, Codesys Products

Forescout warns of three newly identified vulnerabilities in OT products from Festo and Codesys.[Read More]

Ransomware Gang Takes Credit for Maple Leaf Foods Hack

The Black Basta ransomware gang has taken credit for the attack on Canadian meat giant Maple Leaf Foods.[Read More]

Vulnerability in Acer Laptops Allows Attackers to Disable Secure Boot

A vulnerability impacting multiple Acer laptop models could allow an attacker to disable the Secure Boot feature and bypass security protections to install malware.[Read More]

Cybercriminals Selling Access to Networks Compromised via Recent Fortinet Vulnerability

Initial access brokers are selling access to enterprise environments that have been compromised via a recently patched critical Fortinet vulnerability.[Read More]

Oracle Fusion Middleware Vulnerability Exploited in the Wild

CISA has warned organizations about CVE-2021-35587, a critical Oracle Fusion Middleware vulnerability that has been exploited in attacks.[Read More]

Census Bureau Chief Defends New Privacy Tool Against Critics

Report says Census Bureau failed to stop simulated cyberattacks conducted under an operation to test for security vulnerabilities.[Read More]

Virginia County Confirms Personal Information Stolen in Ransomware Attack

Southampton County in Virginia has started informing individuals that their personal information might have been compromised in ransomware attack.[Read More]

Dont Let Your Career Go the Way of Entertainment 720

Joshua GoldfarbManagement & Strategy

I believe that as security and fraud professionals, we can learn an important career lesson from fictional company Entertainment 720.

Digesting CISAs Cross-Sector Cybersecurity Performance Goals

Basic cyber hygiene may seem rudimentary, but as highlighted in CISAs four key challenges above, it is something organizations of all sizes struggle with.

Cyber Resilience: The New Strategy to Cope With Increased Threats

When implemented properly, cyber resilience can be considered a preventive measure to counteract human error, malicious actions, and decayed, insecure software.

Risk Mitigation Strategies to Close the XIoT Security Gap

Understanding the vulnerability landscape of the XIoT to properly assess and mitigate risk is critically important to protect livelihoods and lives.

Balancing Security Automation and the Human Element

When we start to consider the human element of the security automation equation, and its impact on the automation capabilities we select and how we measure progress, we can accelerate automation initiatives and the benefits we derive.

Bringing Bots and Fraud to the Boardroom

Joshua GoldfarbFraud & Identity Theft

If security can learn to communicate in a way that executives and boar members can understand, internalize, and act upon, it serves to benefit tremendously.

Offense Gets the Glory, but Defense Wins the Game

Organizations may better align their defenses to adapt and react proactively to rapidly changing attack approaches when they have a better grasp of the objectives and strategies employed by their adversaries.

Tailoring Security Training to Specific Kinds of Threats

Jeff OrloffTraining & Certification

By focusing on attack tactics and techniques that pose clear and present danger to the business, a company can achieve the greatest return on its training initiatives.

How to Prepare for New SEC Cybersecurity Disclosure Requirements

The new SEC requirements are putting on paper what many companiespublic and privateshould have been investing in already.

Leveraging Managed Services to Optimize Your Threat Intelligence Program During an Economic Downturn

How organizations can use managed services to optimize their threat intelligence program during an economic downturn.

Hackers Dump Australian Health Data Online, Declare Case Closed

One Year Later: Log4Shell Remediation Slow, Painful Slog

Dont Let Your Career Go the Way of Entertainment 720

Investors Bet $31 Million on Sphere for Identity Hygiene Tech

Google Links Exploitation Frameworks to Spanish Spyware Vendor Variston

Chrome 108 Patches High-Severity Memory Safety Bugs

Delta Electronics Patches Serious Flaws in Industrial Networking Devices

Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework

Self-Replicating Malware Used by Chinese Cyberspies Spreads via USB Drives

OT:Icefall Continues With Vulnerabilities in Festo, Codesys Products

Looking for Malware in All the Wrong Places?

First Step For The Internets next 25 years: Adding Security to the DNS

Tattle Tale: What Your Computer Says About You

Be in a Position to Act Through Cyber Situational Awareness

Report Shows Heavily Regulated Industries Letting Social Networking Apps Run Rampant

2010, A Great Year To Be a Scammer.

Dont Let DNS be Your Single Point of Failure

Defining and Debating Cyber Warfare

The Five As that Make Cybercrime so Attractive

Security Budgets Not in Line with Threats

Anycast - Three Reasons Why Your DNS Network Should Use It

The Evolution of the Extended Enterprise: Security Strategies for Forward Thinking Organizations

Using DNS Across the Extended Enterprise: Its Risky Business