Please turn on your JavaScript for this page to function normally.
WordPress
Attackers are exploiting vulnerable WP plugins to backdoor sites

A group of attackers that has been injecting WordPress-based sites with a script redirecting visitors to malicious and fraudulent pages has now also started backdooring the …

hospital
How to reduce the attack surface associated with medical devices

As the number of connected medical devices continues to rise, so does healthcare organizations’ attack surface. “Most medical devices available in the healthcare system today …

iPhone 8
Google discovers websites exploiting iPhones, pushing spying implants en masse

Unidentified attackers have been compromising websites for nearly three years, equipping them with exploits that would hack visiting iPhones without any user interaction and …

Google Play
Google will pay for data abuse reports related to popular Android apps, Chrome extensions

Google is expanding the Google Play Security Reward Program (GPSRP) to include all apps in Google Play with 100 million or more installs, and is launching a new Developer Data …

idea
CISO priorities: Implementing security from the get-go

Dr. David Brumley, CEO of ForAllSecure, a Carnegie Mellon computer science professor (on leave), and part of the team that won the DARPA Cyber Grand Challenge, was, at one …

hand
What can be done about the rising click interception threat?

Ad networks’ increasingly successful efforts to detect bot-based ad click fraud has forced attackers to focus more on intercepting and redirecting legitimate users’ …

Imperva
Imperva discloses security incident affecting Cloud WAF customers

Imperva, the well-known California-based web application security company, has announced that it has suffered a “security incident” involving its Cloud Web …

GitHub
GitHub announces wider array of 2FA options, including security keys and biometrics

GitHub has started supporting the Web Authentication (WebAuthn) web standard, allowing users to use security keys for two-factor authentication with a wide variety of browsers …

SSL VPN
Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs

Attackers are taking advantage of recently released vulnerability details and PoC exploit code to extract private keys and user passwords from vulnerable Pulse Connect Secure …

stop
Should you block newly registered domains? Researchers say yes

7 out of 10 newly registered domains (NRDs) are either malicious, suspicious or not safe for work, say Palo Alto Networks researchers, and advise organizations to block access …

Cisco
Cisco warns about public exploit code for critical flaws in its 220 Series smart switches

Cisco has fixed over 30 vulnerabilities in various solutions, including Cisco UCS Director, Cisco UCS Director Express for Big Data, Cisco IMC Supervisor, and the Cisco 220 …

Identifying vulnerable IoT devices by the companion app they use

For better or worse, connected “smart” devices are springing up like mushrooms. There is no doubt that they can be very helpful but, unfortunately, most have a …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released whent there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools