The requirement for vendors to provide a software bill of materials for the apps they sell to federal agencies will only address part of the supply chain risk, experts say.
Researchers uncovered a flaw in macOS that could allow attackers to access permissions, like screen recording, on victim devices - without their approval.
VmWare has released updates for a critical flaw in several versions of its vCenter Server virtualization product that can be used for remote code execution.
As demand for cyber insurance skyrockets, insurers are scrutinizing specific security risk factors more carefully when determining the cost and affordability of coverage.
The shutdown of the DarkSide ransomware group has affiliates seeking resolution for unpaid ransom fees.
Lindsey O'Donnell-Welch talks with Troy Hunt, founder of Have I Been Pwned, about the biggest challenges facing the security industry when it comes to credential stuffing and data breaches.
Decade-old botnets continue to adapt to the current threat landscape, as seen through the wide-ranging malicious activities of the resilient Phorpiex botnet.
Kimberly Goody of the FireEye cyber crime analysis team explains the ransomware-as-a-service model and the recent changes some groups have made to their operations.
Attackers are building innovative voice-based social engineering tactics into their malware and phishing campaigns.
The APT29 attackers who targeted SolarWinds were doing reconnaissance on the company's network as early as January 2019.
Dennis Fisher talks with Kimberly Goody from FireEye's cybercrime analysis team about the DarkSide ransomware operation, the emergence of the ransomware-as-a-service model, and what might be next for these groups.
The disclosure of the SolarWinds attack by FireEye is encouraging for the development of a national data breach reporting law, government and private-sector experts say.
With the cyber workforce gap looming, security hiring managers are looking in unconventional places and tweaking their job descriptions to appeal to candidates with "soft skills."
The SolarWinds breach, ransomware epidemic and other threats have emphasized the urgent need for more resilient systems.
A 5G threat vector analysis by several federal agencies pointed to existing legacy infrastructure deployment weaknesses and supply-chain security challenges.