Attacks using Remote Desktop Protocol continue to be tremendously successful. It turns out many attackers are combining RDP attacks with ransomware.
A fake hiring site for veterans is the latest tool deployed by the Tortoiseshell attack group.
Enterprises need guidance on how to get ready for 5G networks, but the current fear-mongering about Huawei doesn't give enterprises the information they need to make sure the applications are secure.
Microsoft has pushed out an emergency patch for a critical remote code execution bug in Internet Explorer that has been exploited.
Keeping software secure isn't just the developer's job. GitHub is strengthening its ecosystem with tools for developers, researchers, and project maintainers to identify and fix software vulnerabilities.
Cloudflare's new "bot fight mode" protects enterprises against malicious bots with tar-pit techniques and the company pledges to plant trees to offset the carbon costs.
CISA Director Christopher Krebs urged the security community to move past selling based on fear.
The Emotet malware has come back to life after several months of inactivity over the summer.
Supply chain attacks violate the trust organizations have in their suppliers and providers. A newly discovered attack group is brazen, compromising IT providers in order to get to their final targets.
The "debate" over how law enforcement can have lawful access to encrypted messages is anything but civil. The Encryption Working Group attempted to find common ground and made some proposals, but no agreement on how messages can be viewed without undermining encryption.
A flaw in the LastPass browser extension for Chrome and Opera could leak the credential used on the previous site.
The newly disclosed Simjacker attack allows a remote attacker to track a mobile device by exploiting a weakness deep within many phones.
Dennis Fisher talks with Parker Thompson of Cyber Independent Testing Lab about the group's IoT security study.
A new attack that exploits a weakness in the DDIO feature of some Intel chips can leak sensitive data, including SSH keystrokes.
The key takeaway from the NERC report about the attack against a US electric utility isn't that companies need to be patching, but that layered defense is still the best approach for keeping systems and networks safe.