OWASP's 2021 List Shuffle: A New Battle Plan and Primary Foe
Code injection attacks, the infamous king of vulnerabilities, have lost the top spot to broken access control as the worst of the worst, and developers need to take notice.
In this increasingly...
LightBasin Hackers Breach at Least 13 Telecom Service Providers Since 2019
A highly sophisticated adversary named LightBasin has been identified as behind a string of attacks targeting the telecom sector with the goal of collecting "highly specific information" from mobile communication infrastructure,...
Penetration Testing in the Cloud Demands a Different Approach
Attackers use a different set of techniques to target the cloud, meaning defenders must think differently when pen testing cloud environments....
Former NSA Deputy Director William Crowell Joins [redacted] Board of Directors
Cybersecurity industry veteran brings substantial public and private sector experience to help guide [redacted] growth and expansion....
Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services
Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a...
A New Variant of FlawedGrace Spreading Through Mass Email Campaigns
Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations...
Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia
A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two...
FIDO Alliance Research Tracks Passwordless Authentication as It Moves Mainstream
New Online Authentication Barometer from the FIDO Alliance reveals consumer habits, trends and adoption of authentication technologies....
Episode 228: CISA’s Eric Goldstein on being Everyone’s Friend in Cyber
Eric Goldstein, Executive Assistant Director for Cybersecurity for the Cybersecurity and Infrastructure Security Agency (CISA), says the agency is all about helping companies and local government to keep hackers at bay....
Why Database Patching Best Practice Just Doesn't Work and How to Fix It
Patching really, really matters – patching is what keeps technology solutions from becoming like big blocks of Swiss cheese, with endless security vulnerabilities punching hole after hole into critical solutions.
But anyone...
In Cyberwar, Attribution Can Be Impossible — and That's OK
Instead of using a substantial proportion of resources to determine attribution, organizations should focus on defenses that will help them remediate an attack....
Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting
Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the...