FISMA Update Could Boost CISA’s Authority
Potential new legislation to update FISMA could codify CISA's role and grant it additional authority.
SEARCH
MSHTML Zero Day Exploits Used Shared Infrastructure With Ransomware Group
Attackers exploiting the CVE-2021-40444 Windows flaw used infrastructure also known to be associated with a ransomware group.
VMware Fixes Critical Flaw in vCenter Server
VMware has released a fix for a critical file-upload vulnerability, along with nearly 20 other bugs in vCenter Server.
REvil Ransomware Group Reemerges
The REvil ransomware group has come back online after disappearing following the attack on Kaseya in July.
New Turla Backdoor Identified
Cisco Talos researchers have identified a new backdoor being deployed by the Turla APT against targets in multiple countries.
Azure OMIGOD Flaw Under Attack
The Azure OMI vulnerability (CVE-2021-38647) is under attack by several threat actors, including the Mirai botnet operators.
VMware Fixes Critical Flaw in vCenter Server
VMware has released a fix for a critical file-upload vulnerability, along with nearly 20 other bugs in vCenter Server.
Lawyers, Bugs, and Money: When Bug Bounties Went Boom
Bug bounties have grown from a niche idea to encourage independent security research into a massive business and a legitimate...
Uprising in the Valley: When Bug Bounties Went Boom, Part Two
Following the success of the bounty programs started by companies such as iDefense, Zero Day Initiative, and Mozilla,...
Dennis Has Some Questions About…2FA
Two-factor authentication is a vital part of many corporate security strategies, and is now offered by lots of consumer apps,...
Critical Bug in Kalay IoT Protocol Threatens Millions of Devices
A critical flaw in the ThroughTek Kalay Io platform could allow an attacker complete access to IP cameras, DVRs, and other...
Multiple Flaws in Realtek SDK Affect Wide Range of IoT Devices
Several vulnerabilities in the Realtek SDK expose millions of IoT devices to remote code execution.
Fundamental Flaw in RNGs Affects Many IoT Devices
The use of weak random number generators in many IoT devices undermines the security of the encryption keys those devices...
