Rising critical unpatched vulnerabilities and a lack of encryption leave medical device data defenseless, researcher warn. [...]

Need a blueprint for architecting a formidable cyber-defense? Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown. [...]

What attracts the attackers? David "moose" Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets. [...]

The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score. [...]

Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs. [...]

Here’s what cybersecurity watchers want infosec pros to know heading into 2022. [...]

Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain. [...]

It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks. [...]

Podcast: Cybereason shares details about its vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show being disclosed. [...]

Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses and vacation tracking. [...]

AT&T is battling a modular malware called EwDoor on 5,700 VoIP servers, but it could have a larger wildcard certificate problem. [...]

Some security researchers say it’s actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it’s for real a scary morphic malware that changes its parts and recompiles itself. [...]

A bill introduced this week would regulate ransomware response by the country's critical financial sector. [...]

Researchers discovered 14 vulnerabilities in the ‘Swiss Army Knife’ of the embedded OS used in many OT and IoT environments. They allow RCE, denial of service and data leaks. [...]

The U.S. State Department ups the ante in its hunt for the ransomware perpetrators by offering a sizeable cash sum for locating and arresting leaders of the cybercriminal group. [...]

The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens. [...]

No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality. [...]

The group is likely nation-state-backed and is mounting an ongoing spy campaign using custom malware and stealthy tactics. [...]

An Iran-linked group is taking aim at makers of drones and satellites, Persian Gulf ports and maritime shipping companies, among others. [...]

Amazon, Google, Microsoft etc. making major commitments to shore up nation’s cyber-defenses just won't be enough, researchers say. [...]

Experts urged enterprises to patch fast: SAP vulnerabilities are being weaponized in a matter of hours. [...]

Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure. [...]

Critical ICS vulnerabilities can be exploited through leading cloud-management platforms. [...]

Curtis Simpson, CISO at Armis, discusses the top qualities that all CISOs need to possess to excel. [...]

The 'ModiPwn' bug lays open production lines, sensors, conveyor belts, elevators, HVACs and more that use Schneider Electric PLCs. [...]