CISA is warning about a denial-of-service flaw in several lines of Rockwell Automation controllers, as well as a SQL injection bug in Advantech iView.
A new critical vulnerability (CVE-2022-42475) in Fortinet's FortiGate firewall has been actively exploited.
Apple plans to enable end-to-end encryption for iCloud backups and allow people to use hardware security keys for 2FA in the coming months.
The Iranian Cobalt Mirage threat group has been using the Drokbk malware in recent intrusions and employing GitHub repositories as dead drop resolvers.
Haroon Meer, hacker and founder of Thinkst, talks with Dennis Fisher about the current economic downturn and its effects on the security industry, as well as the value of listening to customers.
A North Korean state-backed actor known for targeting South Korean victims recently used an Internet Explorer zero day (CVE-2022-41128).
Haroon Meer of Thinkst joins Dennis Fisher to talk about the state of the security industry, the value of treating customers with respect, and what the economic downturn could mean for the security community.
Three vulnerabilities in the MegaRAC BMC firmware affect a long list of servers and could have serious long-term effects.
The FreeBSD Project has released updates to fix a stack buffer overflow in the ping utility.
Lucia Milica, global resident CISO at Proofpoint, talks about challenges that CISOs face when interacting with the leadership team.
LastPass says an attacker used information stolen during a previous intrusion to gain access to a cloud storage service and obtain customer data.
Google's Threat Analysis Group has exposed a new exploit framework called Heliconia that may have been used to exploit zero days in Chrome, Firefox, and Windows.
A newly discovered cyber espionage campaign from a Chinese threat actor is targeting Asian and US organizations with self-replicating malware called MISTCLOAK.
Google has updated Chrome on the desktop and Android to address a zero day that is being exploited in the wild.
Researchers warn that the usage of the discontinued Boa web server is opening up SDKs and Internet of Things devices to attack.