Oct 20

OWASP's 2021 List Shuffle: A New Battle Plan and Primary Foe

Code injection attacks, the infamous king of vulnerabilities, have lost the top spot to broken access control as the worst of the worst, and developers need to take notice.
In this increasingly...

Oct 20

LightBasin Hackers Breach at Least 13 Telecom Service Providers Since 2019

A highly sophisticated adversary named LightBasin has been identified as behind a string of attacks targeting the telecom sector with the goal of collecting "highly specific information" from mobile communication infrastructure,...

Oct 19

Penetration Testing in the Cloud Demands a Different Approach

Attackers use a different set of techniques to target the cloud, meaning defenders must think differently when pen testing cloud environments....

Oct 19

Former NSA Deputy Director William Crowell Joins [redacted] Board of Directors

Cybersecurity industry veteran brings substantial public and private sector experience to help guide [redacted] growth and expansion....

Oct 19

Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services

Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a...

Oct 19

A New Variant of FlawedGrace Spreading Through Mass Email Campaigns

Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations...

Oct 19

Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia

A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two...

Oct 18

FIDO Alliance Research Tracks Passwordless Authentication as It Moves Mainstream

New Online Authentication Barometer from the FIDO Alliance reveals consumer habits, trends and adoption of authentication technologies....

Oct 18

Episode 228: CISA’s Eric Goldstein on being Everyone’s Friend in Cyber

Eric Goldstein, Executive Assistant Director for Cybersecurity for the Cybersecurity and Infrastructure Security Agency (CISA), says the agency is all about helping companies and local government to keep hackers at bay....

Oct 18

Why Database Patching Best Practice Just Doesn't Work and How to Fix It

Patching really, really matters – patching is what keeps technology solutions from becoming like big blocks of Swiss cheese, with endless security vulnerabilities punching hole after hole into critical solutions.
But anyone...

Oct 18

In Cyberwar, Attribution Can Be Impossible — and That's OK

Instead of using a substantial proportion of resources to determine attribution, organizations should focus on defenses that will help them remediate an attack....

Oct 18

Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting

Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the...