Mapping ATT&CK techniques to CVEs should make risk assessment easier
Vulnerability reporters should start using MITRE ATT&CK technique references to describe what the attacker is trying to achieve by exploiting a given CVE-numbered …
Trojan Source bugs may lead to extensive supply-chain attacks on source code
Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, …
91.5% of malware arrived over encrypted connections during Q2 2021
The latest report from the WatchGuard shows an astonishing 91.5% of malware arriving over encrypted connections during Q2 2021. This is a dramatic increase over the previous …
46% of all on-prem databases are vulnerable to attack, breaches expected to grow
46% of all on-prem databases globally are vulnerable to attack, according to a research by Imperva. A five-year longitudinal study comprising nearly 27,000 scanned databases …
A look at the 2021 CWE Top 25 most dangerous software weaknesses
The 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses is a demonstrative list of the most common issues experienced over the previous two …
22% of exploits for sale in underground forums are more than three years old
Trend Micro released a research urging organizations to focus patching efforts on the vulnerabilities that pose the greatest risk to their organization, even if they are years …
Cybercriminals customizing malware for attacks on virtual infrastructure
Cyber incidents continue to rise, ransomware accounts for nearly two-thirds of all malware attacks, and more cybercriminals are customizing malware for attacks on virtual …
Dealing with security vulnerabilities on data center servers requires more skilled staff
There is a lot of attention being paid to continuously updating servers to patch security vulnerabilities on Linux servers running in data centers – a basic step …
Corporate attack surfaces growing concurrently with a dispersed workforce
Zscaler released a report on the state of corporate attack surfaces. Based on data sourced between February 2020 and April 2021, the report provides a first-ever look at the …
Enterprise networks vulnerable to 20-year-old exploits
Popular preconceptions of enterprise security and network usage are often inaccurate, according to Cato Networks. While exotic attacks and nation-states such as Russia and …
Security doesn’t always require immediacy
New security threats emerge almost continuously, meaning we now deal with a known unknown. In the past year alone, malware and ransomware use has sharply increased, 43% of …
When exploit code precedes a patch, attackers gain a massive head start
Cybersecurity researchers that publicize exploit code used in cyberattacks are giving a clear and unequivocal advantage to attackers, new research conducted by Kenna Security …
Featured news
Resources
Don't miss
- Why a new AI tool could change how we test insider threat defenses
- Why satellite cybersecurity threats matter to everyone
- Kopia: Open-source encrypted backup tool for Windows, macOS, Linux
- Review: Adversarial AI Attacks, Mitigations, and Defense Strategies
- China-linked Murky Panda targets and moves laterally through cloud services