Under a new binding operational directive (BOD), CISA has developed a catalog of known, exploited vulnerabilities that federal agencies must address.
The Commerce Department added NSO Group, Candiru, Positive Technologies, and COSEINC to its Entity List, restricting exports of software and hardware to them.
Cybercriminals claim they have access to various shipping and logistics company networks, causing what researchers say could be a “precarious situation” for the struggling supply chain sector.
Mozilla has added site isolation to Firefox 94 to defend against side-channel attacks such as Spectre and Meltdown.
The two zero-day flaws were part of eight vulnerabilities patched this week in Google Chrome.
A task force of European and U.S. agencies arrested 12 suspects in Switzerland and Ukraine as part of an action against a ransomware operation.
Apple has fixed more than 20 vulnerabilities in iOS 15.1 and macOS Monterey 12.01.
The FTC has made changes to the Safeguards Rule aimed at securing consumer data in the financial industry.
The Lazarus group has recently been observed “building supply-chain attack capabilities” by targeting legitimate South Korean security software and an IT asset monitoring solution vendor.
Researchers shed light on a malware loader that has been consistently spread via spam email messages over the past month.
New data from Microsoft shows that Nobelium, Thallium, and other nation-state attack groups are increasingly focusing on government agencies and NGOs.
Microsoft said that the threat group has used phishing and password-spraying attacks to compromise at least 14 IT service providers this year.
Courtney Nash of Verica joins Dennis Fisher to talk about the new Verica Open Incident Database, which centralizes reports of software outages, security incidents, and near misses, and why studying the way systems fail is so valuable.
Didier Stevens has discovered several shared keypairs in rogue Cobalt Strike implementations used by malicious actors.
Microsoft researchers said TodayZoo, used for a massive campaign aimed at stealing victims’ credentials, was pieced together from an old phishing kit template.