Security | News, how-tos, features, reviews, and videos
The zero-click hole, which was patched by Microsoft Tuesday, could point to far more vulnerabilities in the form-based architecture of Outlook.
Microsoft’s August Patch Tuesday covered 10 zero-day flaws, of which six are being exploited in the wild and four are publicly disclosed.
Nation-state threat groups are piling on attack techniques seen as successful in exploiting free cloud services.
The DPRK group’s attempts to exfiltrate data and install RMM tools by posing as US IT workers is one of several examples that show cross-domain analysis is needed to tackle rising identity-based attacks, according to CrowdStrike’s counter
CrowdStrike’s crash-inducing security software update raises concerns about suppliers’ responsibility to offer quality guarantees for their products.
Reports identifying a $75 million ransom payment made in March by a Fortune 50 company raise some questions.
Once accepted, the attackers tell developers to download a Node.js project as part of a practical test. The trojanized project on launch deploys a RAT and infostealer malware targeting all major OS platforms.
The cost can’t be completely quantified, but 70% of breached organizations reported significant disruption to their businesses.
PKfail: An AMI Platform Key discovered on GitHub led researchers to uncover test keys in firmware images from major PC and server vendors, something hackers could exploit if leaked to gain kernel control.
The malware leverages Modbus TCP communications to target operational technology assets — and can easily be repurposed to compromise other industrial controllers, putting widespread critical infrastructure at risk.