NIST releases Cybersecurity Framework 2.0, the first major update since the creation of the CSF a decade ago.

Cisco will boost its cybersecurity capabilities by shelling out $28 billion to buy Splunk, which Cisco says will drive the next generation of AI-enabled security and observability.

NIST releases Cybersecurity Framework 2.0, the first major update since the creation of the CSF a decade ago.

The networking giant paid $157 per share in cash for Splunk, a powerhouse in data analysis, security and observability tools, in a deal first announced in September 2023.

NIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security.

CISA's Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis.

NIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security.

Chinese hackers exploited a zero-day tracked as CVE-2023-7102 to deliver malware to Barracuda Email Security Gateway (ESG) appliances.

Ukrainian authorities have arrested an individual allegedly involved in a $2 million cryptojacking operation.

VMware updates a critical-level bulletin: “VMware has confirmed that exploitation of CVE-2023-20887 has occurred in the wild.”

Industry professionals comment on the official release of the NIST Cybersecurity Framework 2.0. 

Cybersecurity agencies in Australia, Canada, New Zealand, the United Kingdom, and the United States have published a joint advisory focusing on detecting malicious activity and incident response.

MITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems.

The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members.

Microsoft this week announced that the Transport Layer Security (TLS) 1.3 protocol is now enabled by default in Windows 10 Insider Preview builds, and that it will be rolled out to all Windows 10...

The most serious flaws allow hackers with local admin rights to execute code as the virtual machine's VMX process running on the host.

Mitchell Baker, the CEO of Mozilla Corporation and chairwoman of the Mozilla Foundation, announced on Tuesday that the company has laid off roughly 250 people, and former employees say the list...

The National Security Agency has published a new yearly report detailing its cybersecurity efforts throughout 2023.

Apple rolls out urgent patches to fix multiple security flaws in its flagship iOS platform and warned about zero-day exploits in the wild.

Bitcoin Transactions Led FBI to Twitter Hackers

Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader vulnerability that can be exploited to install persistent and stealthy malware, firmware security company Eclypsium...

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

A team at Temple University in Philadelphia has been tracking worldwide ransomware attacks on critical infrastructure, and anyone can request access to the data.

A security researcher has published proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure.

Over a dozen vulnerabilities discovered in Tor audit, including a high-risk flaw that can be exploited to inject arbitrary bridges. 

Billions of Windows and Linux devices are affected by a serious GRUB2 bootloader vulnerability that can be exploited to install persistent and stealthy malware, firmware security company Eclypsium...

Incident response experts at Sygnia provide a detailed blow-by-blow of a BlackCat ransomware attack and share tips for survival.

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs the victim’s phone...

Details on a macOS privacy protections bypass method were published this week, more than six months after Apple was informed of the issue, but failed to deliver a fix.

New HTTP/2 DoS method named Continuation Flood can pose a greater risk than Rapid Reset, which has been used for record-breaking attacks.

CISA, the FBI, and MS-ISAC have released new guidance on how federal agencies can defend against DDoS attacks.

MGM Resorts brought its computer systems back online on September 20th after ransomware disrupted operations for 10 days.

ChatGPT and its API have experienced a major outage due to a DDoS attack apparently launched by Anonymous Sudan.

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently hop around the corporate networks of U.S. and...

Google agreed to settle a $5 billion privacy lawsuit claiming that it continued spying on people who used the “incognito” mode in its Chrome browser.

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Fortinet patches CVE-2024-21762, a critical remote code execution vulnerability that may have been exploited in the wild.

Barracuda Networks is warning customers about CVE-2023-2868, a zero-day exploited to hack some Email Security Gateway (ESG) appliances.

The same Russian military intelligence outfit that hacked the Democrats in 2016 has attempted similar intrusions into the computer systems of more than 200 organizations including political parties...

Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a...

Cisco is warning of a zero-day vulnerability in Cisco ASA and FTD that can be exploited remotely, without authentication, in brute force attacks.

A team at Temple University in Philadelphia has been tracking worldwide ransomware attacks on critical infrastructure, and anyone can request access to the data.

Thousands of user accounts for online government services in Canada were recently hacked during cyber attacks, authorities said Saturday.The attacks targeted the GCKey service, used by some 30...

Industrial giant ABB has confirmed that it has been targeted in a ransomware attack, with the cybercriminals stealing some data.

MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability.

The Federal Bureau of Investigation this week released an alert to warn businesses of ongoing cyberattacks involving the NetWalker ransomware.

FireEye Mandiant on Tuesday announced the release of an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the name currently assigned by the...

Palo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls.

Two researchers have shown how a Tesla — and possibly other cars — can be hacked remotely without any user interaction. They carried out the attack from a drone.

GoDaddy has been notifying customers of a data breach that may have resulted in their web hosting account credentials getting compromised.Headquartered in Scottsdale, Arizona, the Internet domain...

Okta warns that hackers broke into its support case management system and stole sensitive data that can be used to impersonate valid users.

Researchers at offensive hacking shop Synacktiv demonstrated successful exploit chains and were able to “fully compromise” Tesla’s newest electric car and take top billing at the annual Pwn2Own...

ChatGPT and its API have experienced a major outage due to a DDoS attack apparently launched by Anonymous Sudan.

Ivanti is struggling to hit its own timeline for the delivery of patches for critical -- and already exploited -- flaws in its flagship VPN appliances.

Organizations in the aerospace and military sectors were compromised in a highly targeted cyber-espionage campaign that shows a possible link to North Korean hackers, ESET reveals.

Cisco has found a second zero-day vulnerability that has been exploited in recent attacks as the number of hacked devices has started dropping.

One of the vulnerabilities that Microsoft addressed on the July 2020 Patch Tuesday in .NET Framework, SharePoint, and Visual Studio could lead to remote code execution.

North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit.

Cisco warns that nation state-backed hackers are exploiting at least two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks.

A warning issued this week by the FBI warns owners of smart home devices with voice and video capabilities that these types of systems have been targeted by individuals who launch so-called “swatti...

NIST has published the final version of the SP 800-82 Revision 3 guide to operational technology (OT) security.

ICS malware Fuxnet allegedly used by Ukrainian Blackjack group to disrupt industrial sensors and other systems belonging to a Moscow infrastructure firm.

Security responders at SolarWinds are scrambling to contain a new zero-day vulnerability being actively exploited in what is being described as “limited, targeted attacks.”

The Federal Bureau of Investigation has issued an alert to inform organizations in the United States of the risk associated with the use of Chinese tax software.

Organizations urged to hunt for potential compromise as exploitation of a recent Ivanti enterprise VPN vulnerability begins.

A former Cisco employee has pleaded guilty to hacking charges related to him accessing the networking giant’s systems and causing damage.

Microsoft releases PyRIT red teaming tool to help identify risks in generative AI through automation.

A cybersecurity attack on the city of Tulsa’s computer system was similar to an attack on the Colonial Pipeline and that the hacker is known, officials said Thursday.

150,000 systems possibly impacted by the recent Fortinet vulnerability ​​CVE-2024-21762, but there is still no evidence of widespread exploitation. 

CISA adds Sophos, Oracle and Microsoft product security holes to its Known Exploited Vulnerabilities (KEV) catalog.

OWASP’s ranking for the major API security risks in 2023 has been published. The list includes many parallels with the 2019 list, some reorganizations/redefinitions, and some new concepts.

Cybersecurity researchers have been able to capture hundreds of thousands of Windows domain and application credentials due to the design and implementation of the Autodiscover protocol used by...

A critical vulnerability addressed earlier this year in the PlayStation Now application for Windows could have been exploited by malicious websites to execute arbitrary code.

A global cyber espionage campaign has resulted in the networks of many organizations around the world becoming compromised after the attackers managed to breach the systems of Texas-based IT manage...

Researchers at offensive hacking shop Synacktiv demonstrated successful exploit chains and were able to “fully compromise” Tesla’s newest electric car and take top billing at the annual Pwn2Own...

Security researchers have identified hundreds of vulnerabilities that expose devices with Qualcomm Snapdragon chips to attacks.

US Defense Department releases defense industrial base cybersecurity strategy with a focus on four key goals.

FireEye on Sunday uncovered details of a decade-long cyber espionage campaign carried out by China targeting governments, journalists and businesses in South East Asia and India.

Researchers have warned that powerful AI models could be used to supercharge online disinformation, cyberattacks or creation of bioweapons.

More Than 2 Petabytes of Unprotected Medical Data Found on Picture Archiving and Communication System (PACS) Servers

A security researcher was awarded a $1,750 bug bounty reward for discovering a remote code execution vulnerability in the Slack desktop applications. 

Twitter has confirmed that hackers leveraged internal tools to take over high-profile accounts and use them to post scam tweets.

PuTTY vulnerability CVE-2024-31497 allows attackers to compromise private keys and use them to forge signatures. 

CISA has released new guidance on how federal agencies can integrate identity and access management into their ICAM architecture.

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Google on Monday announced the August 2020 security updates for the Android operating system, with patches for a total of more than 50 vulnerabilities.

A threat actor employed the administrative credentials of a former employee to hack a US government organization.

Twitter said it is working to fix a

Palo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls.

Computer networks of smartwatch and electronics firm Garmin were offline Friday in an incident which raised concerns of a ransomware attack affecting both its aviation and fitness app services.

A new domain name system (DNS) attack method that involves registering a domain with a specific name can be leveraged for what researchers described as “nation-state level spying.”

Industry professionals comment on the official release of the NIST Cybersecurity Framework 2.0. 

The exploited zero-day, tagged as CVE-2024-0519, is described as an out-of-bounds memory access issue in the V8 JavaScript engine.