Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596)
Rockwell Automation has fixed two vulnerabilities (CVE-2023-3595, CVE-2023-3596) in the communication modules of its ControlLogix industrial programmable logic controllers …
White House publishes National Cybersecurity Strategy Implementation Plan
The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, …
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities
FIRST has unveiled the latest version of its Common Vulnerability Scoring System (CVSS 4.0). Critical in the interface between supplier and consumer, CVSS provides a way to …
20% of malware attacks bypass antivirus protection
Security leaders are concerned about attacks that leverage malware-exfiltrated authentication data, with 53% expressing extreme concern and less than 1% admitting they weren’t …
Infrastructure upgrades alone won’t guarantee strong security
While 75% of organizations have made significant strides to upgrade their infrastructure in the past year, including the adoption of public cloud hosting and containerization, …
Only 45% of cloud data is currently encrypted
39% of businesses have experienced a data breach in their cloud environment last year, an increase on the 35% reported in 2022, according to Thales. In addition, human error …
Same code, different ransomware? Leaks kick-start myriad of new variants
Threat landscape trends demonstrate the impressive flexibility of cybercriminals as they continually seek out fresh methods of attack, including exploiting vulnerabilities, …
Chinese hackers forged authentication tokens to breach government emails
Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account (MSA) …
How Google Cloud’s AML AI redefines the fight against money laundering
Google Cloud’s AML AI represents an advancement in the fight against money laundering. By replacing outdated transaction monitoring systems and embracing AI technology, …
CIOs prioritize innovation over tech stack optimization
Despite economic obstacles and constraints on IT budgets, global CIOs maintain a positive outlook on the potential of technology to provide significant benefits for their …
Free entry-level cybersecurity training and certification exam
The Ultimate Guide to Certified in Cybersecurity (CC) covers everything you need to know about the entry-level credential recognized by organizations worldwide. Inside, learn …
Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)
For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an …
Featured news
Resources
Don't miss
- Building a healthcare cybersecurity strategy that works
- AI-generated images have a problem of credibility, not creativity
- The five-minute guide to OT cyber resilience
- Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)
- Apple offers $2 million for zero-click exploit chains