Attackers are leveraging Follina. What can you do?
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a …
FluBot takedown: Law enforcement takes control of Android spyware’s infrastructure
An international law enforcement operation involving 11 countries has disrupted the spreading of the FluBot Android malware, which spreads via SMS and MMS and steals sensitive …
How cybercriminals are targeting executives at home and their families
Top executives and their families are increasingly being targeted on their personal devices and home networks, as sophisticated threat actors look for new ways to bypass …
Verizon 2022 DBIR: External attacks and ransomware reign
There has been an alarming rise (13%) in ransomware breaches – a jump greater than the past 5 years combined, Verizon Business has revealed in its 2022 Data Breach …
7 threat detection challenges CISOs face and what they can do about it
Security operations (SecOps) teams continue to be under a constant deluge of new attacks and malware variants. In fact, according to recent research, there were over 170 …
Phishers exploit Google’s SMTP Relay service to deliver spoofed emails
Phishers are exploiting a flaw in Google’s SMTP relay service to send malicious emails spoofing popular brands. Avanan researcher Jeremy Fuchs says that starting in April …
CMS-based sites under attack: The latest threats and trends
Payment card skimmers are becoming more common in exploit kits affecting WordPress websites and attackers are spending more time customizing them to avoid detection, …
How to recruit cybersecurity talent from atypical backgrounds
In this interview with Help Net Security, Max Shuftan, Director of Mission Programs & Partnerships at SANS Institute, talks about how companies and the cybersecurity …
US critical infrastructure operators should prepare for retaliatory cyberattacks
US President Joe Biden has urged companies in critical infrastructure sectors to shore up their defenses against potential cyberattacks. The warning “Most of America’s …
Qualys platform study: Log4Shell, the menace continues
The anatomy of Log4Shell By now, we are all familiar with the fact that Log4Shell is just about as critical as a critical vulnerability can get – scoring a 10 out of 10 on the …
Take a walk on the client side: The importance of front-end JavaScript security assessments
As e-skimming, Magecart, and other types of front-end attacks grow in frequency and severity, businesses are faced with finding ways to protect the front-end (i.e., client …
70% of financial service providers are implementing API security
Financial service providers, such as banks and credit card companies, use a vast amount of APIs, which makes them an attractive target for threat actors. That’s why API …
Featured news
Resources
Don't miss
- How to build a secure AI culture without shutting people down
- ScreenConnect admins targeted with spoofed login alerts
- Fake macOS help sites push Shamos infostealer via ClickFix technique
- Why a new AI tool could change how we test insider threat defenses
- Why satellite cybersecurity threats matter to everyone