CISA orders federal agencies to regularly perform IT asset discovery, vulnerability enumeration
A new directive issued by the Cybersecurity and Infrastructure Security Agency (CISA) is ordering US federal civilian agencies to perform regular asset discovery and …
Dissect: Open-source framework for collecting, analyzing forensic data
A game changer in cyber incident response, the Dissect framework enables data acquisition on thousands of systems within hours, regardless of the nature and size of the IT …
7 cybersecurity audiobooks you should listen to this year
Audiobooks have gained enormous popularity among book lovers for a variety of factors, including their convenience, which enables listeners to learn while running errands or …
Average company with data in the cloud faces $28 million in data-breach risk
Hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations — such as admin accounts without multi-factor authentication (MFA) — have left a dangerous …
Incident responders increasingly seek out mental health assistance
Incident responders are primarily driven by a strong sense of duty to protect others. This responsibility that’s increasingly challenged by the surge of disruptive attacks, …
MS Exchange zero-days: The calm before the storm?
CVE-2022-41040 and CVE-2022-41082, the two exploited MS Exchange zero-days that still have no official fix, have been added to CISA’s Known Exploited Vulnerabilities …
Researchers outline the Lazarus APT offensive toolset
ESET researchers uncovered and analyzed a set of malicious tools that were used by the Lazarus APT group in attacks during the end of 2021. The campaign started with spear …
How to start and grow a cybersecurity consultancy
A cybersecurity industry veteran, Praveen Singh is the co-founder and Chief Information Security Advisor at CyberPWN Technologies, a digital defense consulting firm. In this …
Many IT pros don’t think a ransomware attack can impact Microsoft 365 data
Nearly a quarter of businesses have suffered a ransomware attack, with a fifth occurring in the past 12 months, according to Hornetsecurity. The 2022 Ransomware Report, which …
Infosec products of the month: September 2022
Here’s a look at the most interesting products from the past month, featuring releases from: 42Crunch, Avetta, Cloudflare, Code42, Commvault, D3 Security, Illumio, Kingston …
Week in review: MS Exchange zero-days exploited, AD attack paths, developing secure APIs
SpyCast: Cross-platform mDNS enumeration tool SpyCast is a cross-platform mDNS enumeration tool that can work either in active mode by recursively querying services or in …
Attackers use novel technique, malware to compromise hypervisors and virtual machines
Unknown attackers wielding novel specialized malware have managed to compromise VMware ESXi hypervisors and guest Linux and Windows virtual machines, Mandiant threat analysts …
Featured news
Resources
Don't miss
- Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777)
- Exposure management is the answer to: “Am I working on the right things?”
- Cyberattacks are changing the game for major sports events
- Can your security stack handle AI that thinks for itself?
- July 2025 Patch Tuesday forecast: Take a break from the grind