Please turn on your JavaScript for this page to function normally.
Patch Tuesday
Microsoft fixes wormable RCE in Windows Server and Windows (CVE-2022-21907)

The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server …

malware
Detect and identify IoT malware by analyzing electromagnetic signals

Electromagnetic (EM) emanations can be recorded and used to detect and identify malware running on IoT devices, a group of researchers working at IRISA have proven. The setup …

virtual reality
How can SMBs extend their SecOps capabilities without adding headcount?

Which is more important for achieving organizational cybersecurity: security products or security people? The right answer to this (trick) question is that both are equally …

CTO of Security at Salesforce talks e-commerce cybersecurity threat trends for 2022

Online retailers are dealing with more cybersecurity threats than ever before, and the holiday (shopping) season is when they have to fend them off most aggressively. In this …

Log4j
The Log4j saga: New vulnerabilities and attack vectors discovered

The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell (CVE-2021-44228) was fixed by releasing Log4j …

Log4j
Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations

Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished. As Dr. …

Patch Tuesday
Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)

It’s the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability (CVE-2021-43890) actively exploited to …

UKG
Ransomware hits HR solutions provider Kronos, locking customers out of vital services

The end of the year chaos caused by the revelation of the Log4Shell vulnerability has, for some organizations, been augmented by a ransomware attack on Ultimate Kronos Group …

lock
Enterprise email encryption without friction? Yes, it’s possible

Secure communication enables more efficient communication and the secure exchange of digital documents. It can also be a fantastic customer service tool and – crucially …

Log4j
Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular …

Log4j
Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)

A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, …

cloud
Vulnerabilities in Eltima SDK affect popular cloud desktop and USB sharing services

SentinelOne researchers have unearthed a number of privilege escalation vulnerabilities in Eltima SDK, a library used by many cloud desktop and USB sharing services like …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released whent there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools