The Evolving Role of the CISO
Curtis Simpson, CISO at Armis, discusses the top qualities that all CISOs need to possess to excel. [...]
Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited. [...]
The popular e-commerce platform for WordPress has started deploying emergency patches. [...]
First comes spear-phishing, next download of malicious DLLs that spread to removable USBs, dropping Cobalt Strike Beacon, and then, sometimes, a fake Zoom app. [...]
SonicWall issued an urgent security alert warning customers that some of its current and legacy secure VPN appliances were under active attack. [...]
The gang is using a new brute-forcer – “Diicot brute” – to crack passwords on Linux-based machines with weak passwords. [...]
Phil Richards, vice president and CSO at Ivanti, explains how organizations can design DevOps processes and systems to thwart cyberattacks. [...]
A Windows security bug would allow an attacker to fool a USB camera used in the biometric facial-recognition aspect of the system. [...]
Just days after President Biden demanded that Russian President Putin shut down ransomware groups, the servers of one of the biggest groups mysteriously went dark. [...]
Professors, journalists and think-tank personnel, beware strangers bearing webinars: It’s the focus of a particularly sophisticated, and chatty, phishing campaign. [...]
Matt Dunn, associate managing director in Kroll's Cyber Risk practice, discusses options for securing RDP, which differ significantly in terms of effectiveness. [...]
The malware has targeted Chinese gambling sites with fake app installers. [...]
The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution. [...]
The attacks are enabled by a now-patched vulnerability in ForgeRock's Access Management, a popular platform that front-ends web apps and remote-access setups. [...]
The security update addresses three VSA vulnerabilities used by the ransomware gang to launch a worldwide supply-chain attack on MSPs and their customers. [...]
Cybersecurity is one of the most important topics on the global agenda, boosted by the pandemic. As global digitalisation accelerates further, the world is becoming ever more interconnected. Digital ecosystems are being created all around us: countries, corporations and individuals are taking advantage of the rapid spread …
The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more. [...]
A global effort to steal information from energy companies is using sophisticated social engineering to deliver Agent Tesla and other RATs. [...]
The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data. [...]
Jason Kent, hacker-in-residence at Cequence Security, discusses fake online accounts, and the fraud they carry out on a daily basis. [...]
The unnamed suspect allegedly helped to develop carding and phishing kits with the aim of stealing customers' bank-card data. [...]
Threat actors are planting Cobalt Strike backdoors by malspamming a bogus Microsoft update along with a SecurityUpdates.exe. [...]
David "moose" Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to "pick one lock" to invade an enterprise through them. [...]
At least 25 apps have lured in tens of thousands of victims with the promise of helping them cash in on the cryptomining craze. [...]
The newborn platform was inundated by Sonic the Hedgehog-themed porn and had prominent users' profiles defaced. Next, hackers posted its user database online. [...]