CrowdStrike failure: the beginning of the end of software without guarantees?
Everyone knows now how a flawed update crashed 8.5 million computers running the Windows version of CrowdStrike’s Falcon cybersecurity software — but what does the failure of one company’s software...
Eight-year-old “Sitting Ducks” DNS weakness exploited to hijack web domains...
The vast global Domain Name System (DNS) is so fundamental to the way the web works that service providers and their customers are sure to configure and manage it carefully. That’s the theory — now...
12 wide-impact firmware vulnerabilities and threats
Nowadays all major operating systems and software programs receive automatic security updates that help users secure their systems against the barrage of vulnerabilities discovered every month. But...
Who are the two Russian convicts released in the US-Russia prisoner swap?
In what is being lauded as a historic feat, the Biden administration, on Thursday, concluded a prisoner swap with the Kremlin, as part of an exchange deal that involved five other countries. The deal...
7 network security startups to watch
Enterprise cybersecurity protections are failing to keep pace with the evolving threat landscape, which now includes everything from the weaponization of AI to state-sponsored hacking groups to the...
Attackers leverage Cloudflare tunnels to obscure malware distribution
Cybercriminals regularly abuse free services to host malware or to set up command-and-control (C2) infrastructure because they know connections to such services won’t raise suspicion inside networks....
Switcher’s guide to mesh VPNs: Pros, cons, and how to set up key features
As organizations increasingly seek to support and secure more remote network connections, many are rethinking the traditional VPN. Many VPN alternatives exist to help secure remote access — mesh VPNs...
Design flaw has Microsoft Authenticator overwriting MFA accounts, locking...
With use of multi-factor authentication rising, end-users can find themselves fiddling with codes and authentication apps frequently throughout their days. For those who rely on Microsoft...
Tech contractor exposes data of 4.6 million US voters
A US technology contractor has exposed the data of 4.6 million voters and election documents from multiple counties in Illinois, raising serious concerns about election security and voter privacy. The...
New Linux kernel cross-cache attack allows arbitrary memory writes
Researchers from the Graz University of Technology have discovered a way to convert a limited heap vulnerability in the Linux kernel into a malicious memory-write capability to demonstrate novel...
New critical Apache OFBiz vulnerability patched as older flaw is actively...
Researchers warn of a new critical vulnerability in Apache OFBiz, an open-source enterprise resource planning (ERP) system and framework. The flaw potentially allows for remote code execution (RCE)...
6 hot cybersecurity trends — and 2 going cold
In the world of cybersecurity, as everywhere else, AI and generative AI are top of mind. Malicious actors are using AI and genAI to create more insidious malware, more convincing phishing emails, and...
Over 13,000 phones wiped clean as cyberattack cripples Mobile Guardian
A massive cyberattack targeting Mobile Guardian, a UK-based mobile device management (MDM) firm, has caused widespread disruption to schools and businesses worldwide, including North America, Europe,...
North Korean group infiltrated 100-plus companies with imposter IT pros:...
Cybersecurity giant CrowdStrike has been caught in a torrent of bad news since an errant content configuration update on July 19 sparked a massive IT outage that affected thousands of organizations...
The top new cybersecurity products at Black Hat USA 2024
Black Hat USA 2024 once again served as a launchpad for several cybersecurity products and services with many notable vendors as well as up-and-coming startups showcasing their innovations at the...
Cequence streamlines API security through fresh LLM-specific offerings
API security provider Cequence has added new large language model (LLM) threat detection and management capabilities along with some fresh integrations for API discovery on its Unified API protection...
Black Hat preview: AI and cloud security take center stage
Hacker Summer Camp opens in Las Vegas this week with talks on cloud security, supply chain threats, and artificial intelligence at the fore of presentations at BSides LV, Black Hat USA, and DEF CON....
Black Hat: Latest news and insights
Black Hat USA 2024 kicks off Aug. 3 at Mandalay Bay in Las Vegas with training sessions, followed by a series of summits on Aug. 6, including the CISO Summit, with sessions on quantifying the cost of...
4 Ways Attackers Use Spoofed Email to Hijack Your Business Communications
When you hear the term “spoofed” email, does business email compromise (BEC) come to mind? It does for many people—especially security leaders. BEC is a form of email fraud, and it has been a top...
Links that Lie: Stop URL-based Attacks Before They Start
The most damaging cyber threats today don’t target machines or systems—they target humans. Today, 74% of data breaches rely on exploiting the human element. From employees clicking on malicious links...