A bipartisan group of Senators are interested in establishing a cybersecurity leader for each state in order to increase the states' abilities to respond to cyberattacks.
Citrix and FireEye Mandiant have released a scanner that can detect some indicators of compromise related to the CVE-2019-19781 vulnerability.
A new Internet Explorer vulnerability (CVE-2020-0674) is being used in targeted attacks and Microsoft does not have a patch available right now.
The latest investigation by Trend Micro Research observed multiple instances of fraud and ransomware attacks on networks with industrial control systems. For these organizations, sophisticated malware like Stuxnet and Triton aren't their biggest headaches.
Kenn White joins Dennis Fisher to discuss the details of the CVE-2020-0601 Windows crypto vulnerability that the NSA disclosed to Microsoft.
Kubernetes has launched a public bug bounty program with support from Google.
Exploits for the CVE-2019-19781 Citrix ADC vulnerability are available on GitHub while patches are still a week away.
Microsoft fixed a vulnerability in a cryptography component used by Windows 10 and Windows Server. If exploited, attackers would be able to pass off malicious software as legitimate, thus undermining digital trust.
Multiple business groups have pushed back on the Department of Commerce's proposed supply chain rules on information and communications technology supply chain security due to vague language and undefined scope.
The encryption debate is as old as the Internet, and Jennifer Granick warns that giving ground now could have serious long-term effects.
Microsoft looked at Windows Events Log to understand what RDP brute-force attacks looked like in the enterprise, and found that attackers frequently space out the login attempts over several days to avoid detection.
Mozilla has released an emergency fix for a vulnerability in Firefox that attackers are actively exploiting.
Criminals can bypass two-factor authentication and hijack user accounts by simply convincing a mobile carrier to swap SIM cards for a phone number. A group of Senators and Representatives are asking the FCC to protect consumers from these kinds of scams.
MITRE adds information about threat groups, malware, and techniques used by adversaries in attacks against industrial control systems in its ATT&CK framework.
A chosen prefix collision in SHA-1 has demonstrated a new issue with the venerable hash function developed by the NSA.