Critical ICS vulnerabilities can be exploited through leading cloud-management platforms. [...]

Misconfigured permissions for Argo's web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers. [...]

Chris Hass, director of information security and research at Automox, discusses the future of work: A hybrid home/office model that will demand new security approaches. [...]

Curtis Simpson, CISO at Armis, discusses the top qualities that all CISOs need to possess to excel. [...]

Phil Richards, vice president and CSO at Ivanti, explains how organizations can design DevOps processes and systems to thwart cyberattacks. [...]

Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims' business-critical processes and to intercept data. [...]

REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116. [...]

The ongoing attacks are targeting cloud services such as Office 365 to steal passwords and password-spray a vast range of targets, including in U.S. and European governments and military. [...]

Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many security challenges and failings plaguing this industry. [...]

Criminals behind the potent REvil ransomware have ported the malware to Linux for targeted attacks. [...]

Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior. [...]

A survey from GSMA and Trend Micro shows a concerning lack of security capabilities for private 5G networks (think factories, smart cities, industrial IoT, utilities and more). [...]

Every Sony PlayStation 3 ID out there was compromised, provoking bans of legit players on the network. [...]

A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products. [...]

These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers' applications. [...]

Cleanup in aisle "Oops": The supermarket chain said that it misconfigured two cloud databases, exposing customer data to public scrutiny. [...]

Approximately 38,000 of RBA's customers had their embryology data stolen by a ransomware gang. [...]

Troy Gill, manager of security research at Zix, discusses the most common ways sensitive data is scooped up by nefarious sorts. [...]

A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration. [...]

An hour-long outage hit airlines, banks and the Hong Kong Stock exchange. It's thought to have been caused by a DDoS mitigation service. [...]

An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios. [...]

Varied cloud infrastructure was used to phish email credentials, monitor for and forward finance-related messages and automate operations. [...]

"We hereby keep a right (sic) to forward all of the relevant documentation and data to military agencies of our choise (sic)" REvil reportedly wrote. [...]

Misconfigured dashboards are yet again at the heart of a widespread, ongoing cryptocurrency campaign squeezing Monero and Ethereum from Kubernetes clusters. [...]

“Siloscape”, the first malware to target Windows containers, breaks out of Kubernetes clusters to plant backdoors and raid nodes for credentials. [...]