Deep Dive: Protecting Against Container Threats in the Cloud
A deep dive into securing containerized environments and understanding how they present unique security challenges. [...]
Showing only posts by Tara Seals. Show all posts.
Zero-Trust For All: A Practical Guide
How to use zero-trust architecture effectively in today's modern cloud-dependent infrastructures. [...]
Most Email Security Approaches Fail to Block Common Threats
A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs. [...]
Cyberattackers Put the Pedal to the Medal: Podcast
Fortinet's Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams. [...]
Microsoft Zero-Days, Wormable Bugs Spark Concern
For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits. [...]
Authorities Fully Behead Hydra Dark Marketplace
The popular underground market traded in drugs, stolen data, forged documents and more -- raking in billions in Bitcoin. [...]
RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn
The so-called 'Spring4Shell' bug has cropped up, so to speak, and could be lurking in any number of Java applications. [...]
Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more. [...]
Google Chrome Bug Actively Exploited as Zero-Day
The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine. [...]
Critical Sophos Security Bug Allows RCE on Firewalls
The security vendor's appliance suffers from an authentication-bypass issue. [...]
Microsoft Azure Developers Awash in PII-Stealing npm Packages
A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes. [...]
Russia Lays Groundwork for Cyberattacks on US Infrastructure – White House
"Evolving intelligence" shows Russia amping up for cyber-war in response to Ukraine-related sanctions, the White House said -- but researchers warn that many orgs are not prepared. [...]
Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts
The trojanized Craftsart Cartoon Photo Tools app is available in the official Android app store, but it's actually spyware capable of stealing any and all information from victims' social-media accounts. [...]
Agencies Warn on Satellite Hacks & GPS Jamming Affecting Airplanes, Critical Infrastructure
The Russian invasion of Ukraine has coincided with the jamming of airplane navigation systems and hacks on the SATCOM networks that empower critical infrastructure. [...]
Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet
The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said. [...]
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug. [...]
Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape
Both vulnerabilities are use-after-free issues in Mozilla's popular web browser. [...]
Daxin Espionage Backdoor Ups the Ante on Chinese Malware
Via node-hopping, the espionage tool can reach computers that aren't even connected to the internet. [...]
Microsoft Accounts Targeted by Russian-Themed Credential Harvesting
Malicious emails warning Microsoft users of "unusual sign-on activity" from Russia are looking to capitalizing on the Ukrainian crisis. [...]
Zenly Social-Media App Bugs Allow Account Takeover
A pair of bugs in the Snap-owned tracking app reveal phone numbers and allow account hijacking. [...]
Xenomorph Malware Burrows into Google Play Users, No Facehugger Required
Researchers discovered a new, modular banking trojan with ties to Cerberus and Alien that has the capability to become a much larger threat than it is now. [...]
TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands
The resurgent trojan has targeted 60 top companies to harvest credentials for a wide range of applications, with an eye to virulent follow-on attacks. [...]
Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers
A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS. [...]
Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack
The vendor issued an emergency fix on Sunday, and eCommerce websites should update ASAP to avoid Magecart card-skimming attacks and other problems. [...]
Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview. [...]
page 1 | older articles »