Please turn on your JavaScript for this page to function normally.
danger
Fake alerts about outdated security certificates lead to malware

Cyber criminals have been trying out a new approach for delivering malware: fake alerts about outdated security certificates, complete with an “Install …

face
Vulnerability allows attackers to register malicious lookalikes of legitimate web domains

Cybercriminals were able to register malicious generic top-level domains (gTLDs) and subdomains imitating legitimate, prominent sites due to Verisign and several IaaS services …

Let's Encrypt
Let’s Encrypt will revoke 3m+ TLS/SSL certificates

Starting with 20:00 UTC (3:00pm US EST), today (March 4), the non-profit certificate authority Let’s Encrypt will begin it’s effort to revoke a little over 3 …

alert
How to gather cyber threat intelligence from dark markets without breaking US law

The U.S. Department of Justice’s Cybersecurity Unit has released guidelines for organizations that want to gather cyber threat intelligence from dark web forums/markets but, …

mobile work
Orgs that sacrifice mobile security are twice as likely to suffer a compromise

The percentage of companies admitting to suffering a mobile-related compromise has grown (39%, when compared to last years’ 33%) despite a higher percentage of …

Kali Linux
Kali Linux evolution: What’s next for the open source pentesting Linux distro?

When the popular security-focused BackTrack Linux distribution was redesigned from the ground up and given the name Kali Linux nearly seven years ago, I remember thinking that …

CWE list now includes hardware security weaknesses

The Mitre Corporation has released version 4.0 of the Common Weakness Enumeration (CWE) list, which has been expanded to include hardware security weaknesses. About CWE The …

Microsoft Exchange
Attackers probing for vulnerable Microsoft Exchange Servers, is yours one of them?

CVE-2020-0688, a remote code execution bug in Microsoft Exchange Server that has been squashed by Microsoft in early February, is ripe for exploitation and could become a …

Chrome
Google fixes another Chrome zero-day exploited in the wild

For the third time in a year, Google has fixed a Chrome zero-day (CVE-2020-6418) that is being actively exploited by attackers in the wild. About CVE-2020-6418 No details have …

healthcare
Healthcare industry at greatest risk of data breach

The healthcare industry has significantly more exposed attack surfaces than any other industry surveyed, according to Censys’s research findings of cloud risks and cloud …

tunnel
A new RCE in OpenSMTPD’s default install, patch available

Less than a month after the patching of a critical RCE flaw in OpenSMTPD, OpenBSD’s mail server, comes another call to upgrade to the latest version, as two additional …

Cisco
Cisco drops security fixes for Smart Software Manager, security appliances

Cisco has released a new batch of security fixes for a number of its products, including its Smart Software Manager On-Prem solution and its Email Security and Content …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released whent there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools