Millions still exposed despite available fixes
Although KEV catalog vulnerabilities are frequent targets of APT Groups, a large and exploitable attack surface remains due to software vendors’ lack of awareness and …
CISA releases free tool for detecting malicious activity in Microsoft cloud environments
Network defenders searching for malicious activity in their Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) cloud environments have a new free solution …
CISA warns CI operators about vulnerabilities on their networks exploited by ransomware gangs
Organizations in critical infrastructure sectors whose information systems contain security vulnerabilities associated with ransomware attacks are being notified by the US …
CISA launches Decider to make MITRE ATT&CK more accessible for network defenders
The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Homeland Security Systems Engineering and Development Institute (HSSEDI), has released …
Steps CISA should take in 2023
Recently, I was asked to imagine that I had been granted an hour with top officials at the Cybersecurity and Infrastructure Security Agency (CISA) – what advice would I …
North Korea targets US, South Korean hospitals with ransomware to fund further cyber operations
US and South Korean agencies have issued a joint cybersecurity advisory describing the tactics, techniques and procedures used by North Korean hackers to deploy …
CISA releases ESXiArgs ransomware recovery script
According to the latest data, the number of ESXiArgs ransomware victims has surpassed 3,800, and CISA has published a recovery script for victim organizations. Fixing the mess …
While governments pass privacy laws, companies struggle to change
Government agencies keep making new privacy rules while end users fall victim to malpractice and scams. Bill Tolson, VP of Compliance and eDiscovery at Archive360, has spent …
ICS vulnerabilities: Insights from advisories, how CVEs are reported
SynSaber recently released its second Industrial Control Systems (ICS) Vulnerabilities & CVEs Report. In this Help Net Security video, Ronnie Fabela, CTO at SynSaber, …
Attackers use portable executables of remote management software to great effect
Tricking users at targeted organizations into installing legitimate remote monitoring and management (RMM) software has become a familiar pattern employed by financially …
Extent of reported CVEs overwhelms critical infrastructure asset owners
The sheer volume of reported ICS vulnerabilities and CVEs may cause critical infrastructure asset owners to feel overwhelmed, or need help knowing where to begin, according to …
Google Chrome zero-day exploited in the wild (CVE-2022-4262)
Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome (and Chromium), which is being exploited by attackers in the …
Featured news
Resources
Don't miss
- Coinbase suffers data breach, gets extorted (but won’t pay)
- Samsung patches MagicINFO 9 Server vulnerability exploited by attackers
- Building cybersecurity culture in science-driven organizations
- How Kim Crawley challenges big tech in “Digital Safety in a Dangerous World”
- Google strengthens secure enterprise access from BYOD Android devices