Potential threats to uninterruptible power supply (UPS) devices
In this video for Help Net Security, Chris Westphal, Cybersecurity Evangelist at Ordr, talks about an alert that came out recently from CISA and the Department of Energy …
CISA adds Spring4Shell to list of exploited vulnerabilities
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …
KSOC announces that its Kubernetes security platform supports hardening NSA/CISA guidelines
KSOC announced that their platform satisfies the Kubernetes hardening guidelines issued by the National Security Agency (NSA) and Cybersecurity and Infrastructure Security …
Cyber attacks on Ukraine: DDoS, new data wiper, cloned websites, and Cyclops Blink
This Thursday morning, Russia started its invasion on Ukraine and, as predicted, the attacks in the physical world have been preceded and accompanied by cyber attacks: Renewed …
Dragos partners with NSA and CISA to increase OT cybersecurity for United States critical infrastructure
Dragos has announced initiatives with the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) to strengthen security and visibility …
A “light” February 2022 Patch Tuesday that should not be ignored
February 2022 Patch Tuesday is here and it’s all-around “light” – light in fixed CVE-numbered vulnerabilities (51), extremely light in critical fixes …
The Log4j saga: New vulnerabilities and attack vectors discovered
The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell (CVE-2021-44228) was fixed by releasing Log4j …
Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations
Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished. As Dr. …
Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)
An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including …
Carrier strengthens cybersecurity program with CVE Numbering Authority
Carrier has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA). This designation allows Carrier to provide customers greater transparency and …
SecurityGate.io partners with Rokster to help industrial companies bridge the OT security skills gap
SecurityGate.io announced a partnership with Rokster, a technology consulting firm specializing in regulatory compliance, cybersecurity, artificial intelligence, blockchain, …
November 2021 Patch Tuesday forecast: More mandates in the United States
The global holiday season is upon us with Diwali happening now, Thanksgiving the end of the month, and then on to Christmas and New Years! But before we all start celebrating, …
Featured news
Resources
Don't miss
- Social engineering attacks on open source developers are escalating
- Chaos malware expands from routers to Linux cloud servers
- What managing partners should ask AI vendors before signing any contract
- Anthropic’s new AI model finds and exploits zero-days across every major OS and browser
- Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR